Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-15 | CVE-2020-25759 | OS Command Injection vulnerability in Dlink products An issue was discovered on D-Link DSR-250 3.17 devices. | 8.8 |
2020-12-15 | CVE-2020-25757 | OS Command Injection vulnerability in Dlink products A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. | 8.8 |
2020-12-14 | CVE-2020-20184 | OS Command Injection vulnerability in Liftoffsoftware Gateone GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection. | 9.8 |
2020-12-14 | CVE-2020-5636 | OS Command Injection vulnerability in Necplatforms Aterm Sa3500G Firmware Aterm SA3500G firmware versions prior to Ver. | 6.8 |
2020-12-14 | CVE-2020-5635 | OS Command Injection vulnerability in Necplatforms Aterm Sa3500G Firmware Aterm SA3500G firmware versions prior to Ver. | 8.8 |
2020-12-11 | CVE-2020-15357 | OS Command Injection vulnerability in Askey Ap5100W Firmware 1.01.097 Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | 9.8 |
2020-12-11 | CVE-2020-12149 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise The configuration backup/restore function in Silver Peak Unity ECOS™ (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. | 6.8 |
2020-12-11 | CVE-2020-12148 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise A command injection flaw identified in the nslookup API in Silver Peak Unity ECOS™ (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. | 6.8 |
2020-12-11 | CVE-2020-7789 | OS Command Injection vulnerability in Node-Notifier Project Node-Notifier This affects the package node-notifier before 9.0.0. | 5.6 |
2020-12-10 | CVE-2020-19527 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.14 iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. | 9.8 |