Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-03-24 CVE-2021-1382 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system.
local
low complexity
cisco CWE-78
6.7
6.7
2021-03-23 CVE-2021-21345 OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-78
critical
 9.9
9.9
2021-03-21 CVE-2021-23360 OS Command Injection vulnerability in Killport Project Killport 1.0.0/1.0.1
This affects the package killport before 1.0.2.
network
low complexity
killport-project CWE-78
8.8
8.8
2021-03-21 CVE-2021-28961 OS Command Injection vulnerability in Openwrt 19.07.0
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
network
low complexity
openwrt CWE-78
8.8
8.8
2021-03-18 CVE-2021-23359 OS Command Injection vulnerability in Port-Killer Project Port-Killer
This affects all versions of package port-killer.
network
low complexity
port-killer-project CWE-78
8.8
8.8
2021-03-15 CVE-2021-23356 OS Command Injection vulnerability in Kill-Process-By-Name Project Kill-Process-By-Name
This affects all versions of package kill-process-by-name.
network
low complexity
kill-process-by-name-project CWE-78
critical
 9.8
9.8
2021-03-15 CVE-2021-23355 OS Command Injection vulnerability in Ps-Kill Project Ps-Kill
This affects all versions of package ps-kill.
network
low complexity
ps-kill-project CWE-78
critical
 9.8
9.8
2021-03-13 CVE-2021-20017 OS Command Injection vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user.
network
low complexity
sonicwall CWE-78
8.8
8.8
2021-03-11 CVE-2021-28143 OS Command Injection vulnerability in Dlink Dir-841 Firmware 3.03/3.04
/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).
low complexity
dlink CWE-78
8.0
8.0
2021-03-11 CVE-2021-28144 OS Command Injection vulnerability in Dlink Dir-3060 Firmware
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.
network
low complexity
dlink CWE-78
8.8
8.8