Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-06 | CVE-2020-3371 | OS Command Injection vulnerability in Cisco Integrated Management Controller 3.0(1C) A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. | 8.8 |
| 2020-11-06 | CVE-2020-16846 | OS Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt through 3002. | 9.8 |
| 2020-11-05 | CVE-2020-24849 | OS Command Injection vulnerability in Fruitywifi Project Fruitywifi A remote code execution vulnerability is identified in FruityWifi through 2.4. | 8.8 |
| 2020-11-01 | CVE-2020-25849 | OS Command Injection vulnerability in Openfind Mailaudit and Mailgates MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. | 8.8 |
| 2020-10-29 | CVE-2020-27887 | OS Command Injection vulnerability in Eyesofnetwork An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. | 8.8 |
| 2020-10-29 | CVE-2020-27744 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. | 9.8 |
| 2020-10-28 | CVE-2020-16257 | OS Command Injection vulnerability in Winstonprivacy Winston Firmware 1.5.4 Winston 1.5.4 devices are vulnerable to command injection via the API. | 9.8 |
| 2020-10-28 | CVE-2020-27976 | OS Command Injection vulnerability in Oscommerce osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. | 9.8 |
| 2020-10-27 | CVE-2020-27159 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | 9.8 |
| 2020-10-27 | CVE-2020-27158 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 9.8 |