Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-27 | CVE-2020-25765 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | 9.8 |
| 2020-10-26 | CVE-2020-26878 | OS Command Injection vulnerability in Commscope Ruckus Vriot 1.5.1.0.21 Ruckus through 1.5.1.0.21 is affected by remote command injection. | 8.8 |
| 2020-10-26 | CVE-2020-15271 | OS Command Injection vulnerability in Lookatme Project Lookatme In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. | 8.8 |
| 2020-10-21 | CVE-2020-3459 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-10-21 | CVE-2020-3457 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
| 2020-10-20 | CVE-2020-5791 | OS Command Injection vulnerability in Nagios XI Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | 7.2 |
| 2020-10-19 | CVE-2020-13778 | OS Command Injection vulnerability in Rconfig rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 8.8 |
| 2020-10-16 | CVE-2020-14144 | OS Command Injection vulnerability in Gitea The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). | 7.2 |
| 2020-10-15 | CVE-2020-25859 | OS Command Injection vulnerability in Qualcomm Qcmap The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. | 6.7 |
| 2020-10-15 | CVE-2020-6364 | OS Command Injection vulnerability in SAP Introscope Enterprise Manager SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. | 10.0 |