Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-18 | CVE-2021-32305 | OS Command Injection vulnerability in Websvn WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. | 9.8 |
| 2021-05-13 | CVE-2020-36198 | OS Command Injection vulnerability in Qnap Malware Remover A command injection vulnerability has been reported to affect certain versions of Malware Remover. | 6.7 |
| 2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | 9.8 |
| 2021-05-11 | CVE-2021-31915 | OS Command Injection vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | 9.8 |
| 2021-05-10 | CVE-2021-23012 | OS Command Injection vulnerability in F5 products On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. | 8.2 |
| 2021-05-07 | CVE-2021-32090 | OS Command Injection vulnerability in Localstack 0.12.6 The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. | 9.8 |
| 2021-05-06 | CVE-2021-28151 | OS Command Injection vulnerability in Hongdian H8922 Firmware 3.0.5 Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. | 8.8 |
| 2021-05-06 | CVE-2021-1401 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. | 7.2 |
| 2021-05-06 | CVE-2021-1497 | OS Command Injection vulnerability in Cisco Hyperflex HX Data Platform Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. | 9.8 |
| 2021-05-06 | CVE-2021-1514 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. | 7.8 |