Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-16 | CVE-2019-14479 | OS Command Injection vulnerability in Adremsoft Netcrunch 10.6.0.4587 AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. | 8.8 |
| 2020-12-16 | CVE-2020-25618 | OS Command Injection vulnerability in Solarwinds N-Central 12.3.0.670 An issue was discovered in SolarWinds N-Central 12.3.0.670. | 8.8 |
| 2020-12-16 | CVE-2020-35476 | OS Command Injection vulnerability in Opentsdb A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. | 9.8 |
| 2020-12-15 | CVE-2020-25759 | OS Command Injection vulnerability in Dlink products An issue was discovered on D-Link DSR-250 3.17 devices. | 8.8 |
| 2020-12-15 | CVE-2020-25757 | OS Command Injection vulnerability in Dlink products A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. | 8.8 |
| 2020-12-14 | CVE-2020-20184 | OS Command Injection vulnerability in Liftoffsoftware Gateone GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection. | 9.8 |
| 2020-12-14 | CVE-2020-5636 | OS Command Injection vulnerability in Necplatforms Aterm Sa3500G Firmware Aterm SA3500G firmware versions prior to Ver. | 6.8 |
| 2020-12-14 | CVE-2020-5635 | OS Command Injection vulnerability in Necplatforms Aterm Sa3500G Firmware Aterm SA3500G firmware versions prior to Ver. | 8.8 |
| 2020-12-11 | CVE-2020-15357 | OS Command Injection vulnerability in Askey Ap5100W Firmware 1.01.097 Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | 9.8 |
| 2020-12-11 | CVE-2020-12149 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. | 6.8 |