Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-04-27 | CVE-2020-22000 | OS Command Injection vulnerability in Homeautomation Project Homeautomation 3.3.2 | HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. | 8.0 |
2021-04-27 | CVE-2021-30642 | OS Command Injection vulnerability in Symantec Security Analytics | An input validation flaw in the Symantec Security Analytics web UI 7.2 prior to 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | 9.8 |
2021-04-26 | CVE-2021-20711 | OS Command Injection vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2/1.5.1 | Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 9.8 |
2021-04-26 | CVE-2021-20708 | OS Command Injection vulnerability in NEC products | NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL. | 7.2 |
2021-04-26 | CVE-2021-20696 | OS Command Injection vulnerability in Dlink Dap-1880Ac Firmware 1.21 | DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program. | 8.8 |
2021-04-23 | CVE-2021-31607 | OS Command Injection vulnerability in multiple products | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. | 7.8 |
2021-04-22 | CVE-2021-29465 | OS Command Injection vulnerability in Discord Discord-Recon 0.0.1/0.0.2/0.0.3 | Discord-Recon is a bot for the Discord chat service. | 9.8 |
2021-04-20 | CVE-2020-35314 | OS Command Injection vulnerability in Wondercms 3.1.3 | A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | 9.8 |
2021-04-20 | CVE-2021-21526 | OS Command Injection vulnerability in Dell Powerscale Onefs | Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root. | 6.7 |
2021-04-18 | CVE-2021-23381 | OS Command Injection vulnerability in Killing Project Killing | This affects all versions of package killing. | 9.8 |