Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-24 | CVE-2021-1382 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. | 6.7 |
2021-03-23 | CVE-2021-21345 | OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 9.9 |
2021-03-21 | CVE-2021-23360 | OS Command Injection vulnerability in Killport Project Killport 1.0.0/1.0.1 This affects the package killport before 1.0.2. | 8.8 |
2021-03-21 | CVE-2021-28961 | OS Command Injection vulnerability in Openwrt 19.07.0 applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | 8.8 |
2021-03-18 | CVE-2021-23359 | OS Command Injection vulnerability in Port-Killer Project Port-Killer This affects all versions of package port-killer. | 8.8 |
2021-03-15 | CVE-2021-23356 | OS Command Injection vulnerability in Kill-Process-By-Name Project Kill-Process-By-Name This affects all versions of package kill-process-by-name. | 9.8 |
2021-03-15 | CVE-2021-23355 | OS Command Injection vulnerability in Ps-Kill Project Ps-Kill This affects all versions of package ps-kill. | 9.8 |
2021-03-13 | CVE-2021-20017 | OS Command Injection vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5 A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. | 8.8 |
2021-03-11 | CVE-2021-28143 | OS Command Injection vulnerability in Dlink Dir-841 Firmware 3.03/3.04 /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). | 8.0 |
2021-03-11 | CVE-2021-28144 | OS Command Injection vulnerability in Dlink Dir-3060 Firmware prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. | 8.8 |