Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-23 | CVE-2020-35665 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.0.33/3.1.03/4.2.06 An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. | 9.8 |
| 2020-12-23 | CVE-2020-29552 | OS Command Injection vulnerability in Urve 24.03.2020 An issue was discovered in URVE Build 24.03.2020. | 9.8 |
| 2020-12-22 | CVE-2020-24581 | OS Command Injection vulnerability in Dlink Dsl2888A Firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. | 8.0 |
| 2020-12-21 | CVE-2020-26284 | OS Command Injection vulnerability in Gohugo Hugo Hugo is a fast and Flexible Static Site Generator built in Go. | 8.5 |
| 2020-12-21 | CVE-2020-35606 | OS Command Injection vulnerability in Webmin Arbitrary command execution can occur in Webmin through 1.962. | 8.8 |
| 2020-12-18 | CVE-2020-25494 | OS Command Injection vulnerability in Xinuos Openserver 5.0.7/6.0 Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. | 9.8 |
| 2020-12-17 | CVE-2020-12522 | OS Command Injection vulnerability in Wago products The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10. | 9.8 |
| 2020-12-17 | CVE-2020-8466 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password. | 9.8 |
| 2020-12-17 | CVE-2020-25094 | OS Command Injection vulnerability in Logrhythm Platform Manager 7.4.9 LogRhythm Platform Manager 7.4.9 allows Command Injection. | 9.8 |
| 2020-12-16 | CVE-2020-26274 | OS Command Injection vulnerability in Systeminformation In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. | 8.8 |