Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-12-31 CVE-2020-35851 OS Command Injection vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User
HGiga MailSherlock does not validate specific parameters properly.
network
low complexity
hgiga CWE-78
critical
9.8
2020-12-31 CVE-2020-19664 OS Command Injection vulnerability in Draytek Vigor2960 Firmware 1.3.1
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
network
low complexity
draytek CWE-78
8.8
2020-12-31 CVE-2020-17363 OS Command Injection vulnerability in Usvn
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module.
network
low complexity
usvn CWE-78
critical
9.9
2020-12-30 CVE-2020-35789 OS Command Injection vulnerability in Netgear Nms300 Firmware
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.
network
low complexity
netgear CWE-78
8.8
2020-12-30 CVE-2020-10209 OS Command Injection vulnerability in Amino products
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges.
network
high complexity
amino CWE-78
8.1
2020-12-27 CVE-2020-35729 OS Command Injection vulnerability in Klogserver Klog Server 2.4.1
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
network
low complexity
klogserver CWE-78
critical
9.8
2020-12-26 CVE-2020-35715 OS Command Injection vulnerability in Linksys Re6500 Firmware
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page.
network
low complexity
linksys CWE-78
8.8
2020-12-26 CVE-2020-35714 OS Command Injection vulnerability in Linksys Re6500 Firmware
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.
network
low complexity
linksys CWE-78
8.8
2020-12-26 CVE-2020-35713 OS Command Injection vulnerability in Linksys Re6500 Firmware
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
network
low complexity
linksys CWE-78
critical
9.8
2020-12-24 CVE-2020-28188 OS Command Injection vulnerability in Terra-Master TOS
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to inject OS commands via the Event parameter in /include/makecvs.php.
network
low complexity
terra-master CWE-78
critical
9.8