Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-25094 OS Command Injection vulnerability in Logrhythm Platform Manager 7.4.9
LogRhythm Platform Manager 7.4.9 allows Command Injection.
network
low complexity
logrhythm CWE-78
critical
 9.8
9.8
2020-12-16 CVE-2020-26274 OS Command Injection vulnerability in Systeminformation
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability.
network
low complexity
systeminformation CWE-78
8.8
8.8
2020-12-16 CVE-2019-14479 OS Command Injection vulnerability in Adremsoft Netcrunch 10.6.0.4587
AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution.
network
low complexity
adremsoft CWE-78
8.8
8.8
2020-12-16 CVE-2020-25618 OS Command Injection vulnerability in Solarwinds N-Central 12.3.0.670
An issue was discovered in SolarWinds N-Central 12.3.0.670.
network
low complexity
solarwinds CWE-78
8.8
8.8
2020-12-16 CVE-2020-35476 OS Command Injection vulnerability in Opentsdb
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter.
network
low complexity
opentsdb CWE-78
critical
 9.8
9.8
2020-12-15 CVE-2020-25759 OS Command Injection vulnerability in Dlink products
An issue was discovered on D-Link DSR-250 3.17 devices.
network
low complexity
dlink CWE-78
8.8
8.8
2020-12-15 CVE-2020-25757 OS Command Injection vulnerability in Dlink products
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges.
low complexity
dlink CWE-78
8.8
8.8
2020-12-14 CVE-2020-20184 OS Command Injection vulnerability in Liftoffsoftware Gateone
GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection.
network
low complexity
liftoffsoftware CWE-78
critical
 9.8
9.8
2020-12-14 CVE-2020-5636 OS Command Injection vulnerability in Necplatforms Aterm Sa3500G Firmware
Aterm SA3500G firmware versions prior to Ver.
low complexity
necplatforms CWE-78
6.8
6.8
2020-12-14 CVE-2020-5635 OS Command Injection vulnerability in Necplatforms Aterm Sa3500G Firmware
Aterm SA3500G firmware versions prior to Ver.
low complexity
necplatforms CWE-78
8.8
8.8