Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-3367 OS Command Injection vulnerability in Cisco Asyncos
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root.
local
low complexity
cisco CWE-78
7.8
7.8
2020-11-18 CVE-2020-24297 OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline.
network
low complexity
tp-link CWE-78
8.8
8.8
2020-11-16 CVE-2020-8273 OS Command Injection vulnerability in Citrix Sd-Wan
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
network
low complexity
citrix CWE-78
8.8
8.8
2020-11-16 CVE-2020-8270 OS Command Injection vulnerability in Citrix Virtual Apps and Desktops 1903/1912/2006
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342
network
low complexity
citrix CWE-78
8.8
8.8
2020-11-12 CVE-2020-24719 OS Command Injection vulnerability in Couchbase Server 6.5.1/6.5.2
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack.
network
low complexity
couchbase CWE-78
critical
 9.8
9.8
2020-11-12 CVE-2020-2000 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2
7.2
2020-11-08 CVE-2020-28347 OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter.
network
low complexity
tp-link CWE-78
critical
 9.8
9.8
2020-11-06 CVE-2020-3371 OS Command Injection vulnerability in Cisco Integrated Management Controller 3.0(1C)
A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level.
network
low complexity
cisco CWE-78
8.8
8.8
2020-11-06 CVE-2020-16846 OS Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt through 3002.
network
low complexity
saltstack debian fedoraproject CWE-78
critical
 9.8
9.8
2020-11-05 CVE-2020-24849 OS Command Injection vulnerability in Fruitywifi Project Fruitywifi
A remote code execution vulnerability is identified in FruityWifi through 2.4.
network
low complexity
fruitywifi-project CWE-78
8.8
8.8