Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2021-01-07 | CVE-2020-26085 | OS Command Injection vulnerability in Cisco Jabber | Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. | network, low complexity, cisco, CWE-78, critical, 9.9 |
| 2021-01-06 | CVE-2020-36178 | OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 6Eu0.9.14.16 | oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). | network, low complexity, tp-link, CWE-78, critical, 9.8 |
| 2020-12-31 | CVE-2020-35851 | OS Command Injection vulnerability in Hgiga Msr45 Isherlock-User and Ssr45 Isherlock-User | HGiga MailSherlock does not validate specific parameters properly. | network, low complexity, hgiga, CWE-78, critical, 9.8 |
| 2020-12-31 | CVE-2020-19664 | OS Command Injection vulnerability in Draytek Vigor2960 Firmware 1.3.1 | DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. | network, low complexity, draytek, CWE-78, 8.8 |
| 2020-12-31 | CVE-2020-17363 | OS Command Injection vulnerability in Usvn | USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. | network, low complexity, usvn, CWE-78, critical, 9.9 |
| 2020-12-30 | CVE-2020-35789 | OS Command Injection vulnerability in Netgear Nms300 Firmware | NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. | network, low complexity, netgear, CWE-78, 8.8 |
| 2020-12-30 | CVE-2020-10209 | OS Command Injection vulnerability in Amino products | Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. | network, high complexity, amino, CWE-78, 8.1 |
| 2020-12-27 | CVE-2020-35729 | OS Command Injection vulnerability in Klogserver Klog Server 2.4.1 | KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. | network, low complexity, klogserver, CWE-78, critical, 9.8 |
| 2020-12-26 | CVE-2020-35715 | OS Command Injection vulnerability in Linksys Re6500 Firmware | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. | network, low complexity, linksys, CWE-78, 8.8 |
| 2020-12-26 | CVE-2020-35714 | OS Command Injection vulnerability in Linksys Re6500 Firmware | Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. | network, low complexity, linksys, CWE-78, 8.8 |