Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2021-28143 | OS Command Injection vulnerability in Dlink Dir-841 Firmware 3.03/3.04 /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). | 8.0 |
| 2021-03-11 | CVE-2021-28144 | OS Command Injection vulnerability in Dlink Dir-3060 Firmware prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. | 8.8 |
| 2021-03-11 | CVE-2021-28132 | OS Command Injection vulnerability in Lucysecurity Security Awareness LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. | 9.8 |
| 2021-03-09 | CVE-2021-24033 | OS Command Injection vulnerability in Facebook React-Dev-Utils react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. | 5.6 |
| 2021-03-08 | CVE-2021-21503 | OS Command Injection vulnerability in Dell EMC Powerscale Onefs 8.1.2/8.2.2/9.1.0 PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. | 7.8 |
| 2021-03-08 | CVE-2020-27575 | OS Command Injection vulnerability in Maxum Rumpus 8.2.13/8.2.14 Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. | 8.8 |
| 2021-03-05 | CVE-2021-26970 | OS Command Injection vulnerability in Arubanetworks Airwave A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. | 6.3 |
| 2021-03-05 | CVE-2021-26962 | OS Command Injection vulnerability in Arubanetworks Airwave A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. | 7.2 |
| 2021-03-02 | CVE-2021-27886 | OS Command Injection vulnerability in Docker Dashboard Project Docker Dashboard rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. | 9.8 |
| 2021-03-01 | CVE-2021-3342 | OS Command Injection vulnerability in Eprints 3.4.2 EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. | 9.8 |