Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-18 | CVE-2020-3586 | OS Command Injection vulnerability in Cisco DNA Spaces: Connector A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | 9.8 |
| 2020-11-18 | CVE-2020-28581 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | 7.2 |
| 2020-11-18 | CVE-2020-28580 | OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5 A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | 7.2 |
| 2020-11-18 | CVE-2020-3367 | OS Command Injection vulnerability in Cisco Asyncos A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. | 7.8 |
| 2020-11-18 | CVE-2020-24297 | OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. | 8.8 |
| 2020-11-16 | CVE-2020-8273 | OS Command Injection vulnerability in Citrix Sd-Wan Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8. | 8.8 |
| 2020-11-16 | CVE-2020-8270 | OS Command Injection vulnerability in Citrix Virtual Apps and Desktops 1903/1912/2006 An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342 | 8.8 |
| 2020-11-12 | CVE-2020-24719 | OS Command Injection vulnerability in Couchbase Server 6.5.1/6.5.2 Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. | 9.8 |
| 2020-11-12 | CVE-2020-2000 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. | 7.2 |
| 2020-11-08 | CVE-2020-28347 | OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726 tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. | 9.8 |