Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-11 | CVE-2020-12148 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. | 6.8 |
| 2020-12-11 | CVE-2020-7789 | OS Command Injection vulnerability in Node-Notifier Project Node-Notifier This affects the package node-notifier before 9.0.0. | 5.6 |
| 2020-12-10 | CVE-2020-19527 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.14 iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. | 9.8 |
| 2020-12-10 | CVE-2020-19142 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.0 iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. | 9.8 |
| 2020-12-09 | CVE-2020-26838 | OS Command Injection vulnerability in SAP Business Warehouse and Bw/4Hana SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. | 9.1 |
| 2020-11-30 | CVE-2020-29390 | OS Command Injection vulnerability in Zeroshell 3.9.3 Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. | 9.8 |
| 2020-11-29 | CVE-2020-29381 | OS Command Injection vulnerability in Vsolcn products An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. | 9.8 |
| 2020-11-27 | CVE-2020-26245 | OS Command Injection vulnerability in Systeminformation npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. | 9.8 |
| 2020-11-24 | CVE-2020-29056 | OS Command Injection vulnerability in multiple products An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. | 9.8 |
| 2020-11-23 | CVE-2020-4006 | OS Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.1 |