Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-02-08 CVE-2020-11920 OS Command Injection vulnerability in Svakom Siime EYE Firmware 14.1.00000001.3.330.0.0.3.14
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14.
network
low complexity
svakom CWE-78
critical
9.8
2021-02-07 CVE-2021-3122 OS Command Injection vulnerability in NCR Command Center Agent 16.3
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021.
network
low complexity
ncr CWE-78
critical
9.8
2021-02-07 CVE-2020-36243 OS Command Injection vulnerability in Open-Emr Openemr 5.0.2.1
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php.
network
low complexity
open-emr CWE-78
8.8
2021-02-04 CVE-2021-1318 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-78
7.2
2021-02-04 CVE-2021-1317 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-78
7.2
2021-02-04 CVE-2021-1316 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-78
7.2
2021-02-04 CVE-2021-1315 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-78
7.2
2021-02-04 CVE-2021-1314 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-78
7.2
2021-02-03 CVE-2020-2507 OS Command Injection vulnerability in Qnap Helpdesk
The vulnerability have been reported to affect earlier versions of QTS.
network
low complexity
qnap CWE-78
critical
9.8
2021-02-02 CVE-2021-21289 OS Command Injection vulnerability in multiple products
Mechanize is an open-source ruby library that makes automated web interaction easy.
network
high complexity
mechanize-project fedoraproject debian CWE-78
8.3