Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-25 | CVE-2020-1946 | OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. | 9.8 |
| 2021-03-24 | CVE-2021-1443 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. | 7.2 |
| 2021-03-24 | CVE-2021-1441 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. | 6.7 |
| 2021-03-24 | CVE-2021-1384 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. | 7.2 |
| 2021-03-24 | CVE-2021-1382 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. | 6.7 |
| 2021-03-23 | CVE-2021-21345 | OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 9.9 |
| 2021-03-21 | CVE-2021-23360 | OS Command Injection vulnerability in Killport Project Killport 1.0.0/1.0.1 This affects the package killport before 1.0.2. | 8.8 |
| 2021-03-21 | CVE-2021-28961 | OS Command Injection vulnerability in Openwrt 19.07.0 applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | 8.8 |
| 2021-03-18 | CVE-2021-23359 | OS Command Injection vulnerability in Port-Killer Project Port-Killer This affects all versions of package port-killer. | 8.8 |
| 2021-03-15 | CVE-2021-23356 | OS Command Injection vulnerability in Kill-Process-By-Name Project Kill-Process-By-Name This affects all versions of package kill-process-by-name. | 9.8 |