Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-07 | CVE-2021-28927 | OS Command Injection vulnerability in Libretro Retroarch 1.9.0/1.9.1 The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names. | 7.8 |
| 2021-04-06 | CVE-2021-28204 | OS Command Injection vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. | 7.2 |
| 2021-04-06 | CVE-2021-28203 | OS Command Injection vulnerability in Asus products The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. | 7.2 |
| 2021-04-02 | CVE-2020-27600 | OS Command Injection vulnerability in Dlink Dir-846 Firmware A1100.26 HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. | 9.8 |
| 2021-04-02 | CVE-2021-28113 | OS Command Injection vulnerability in Okta Access Gateway A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. | 6.7 |
| 2021-04-01 | CVE-2021-29083 | OS Command Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. | 7.2 |
| 2021-03-31 | CVE-2021-23348 | OS Command Injection vulnerability in Portprocesses Project Portprocesses This affects the package portprocesses before 1.0.5. | 8.8 |
| 2021-03-30 | CVE-2021-23363 | OS Command Injection vulnerability in Kill-By-Port Project Kill-By-Port 0.0.1 This affects the package kill-by-port before 0.0.2. | 8.8 |
| 2021-03-30 | CVE-2021-26810 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05 D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. | 9.8 |
| 2021-03-30 | CVE-2021-25162 | OS Command Injection vulnerability in multiple products A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. | 8.1 |