Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-11 | CVE-2020-15357 | OS Command Injection vulnerability in Askey Ap5100W Firmware 1.01.097 Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | 9.8 |
| 2020-12-11 | CVE-2020-12149 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. | 6.8 |
| 2020-12-11 | CVE-2020-12148 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Enterprise A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. | 6.8 |
| 2020-12-11 | CVE-2020-7789 | OS Command Injection vulnerability in Node-Notifier Project Node-Notifier This affects the package node-notifier before 9.0.0. | 5.6 |
| 2020-12-10 | CVE-2020-19527 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.14 iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. | 9.8 |
| 2020-12-10 | CVE-2020-19142 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.0 iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. | 9.8 |
| 2020-12-09 | CVE-2020-26838 | OS Command Injection vulnerability in SAP Business Warehouse and Bw/4Hana SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. | 9.1 |
| 2020-11-30 | CVE-2020-29390 | OS Command Injection vulnerability in Zeroshell 3.9.3 Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. | 9.8 |
| 2020-11-29 | CVE-2020-29381 | OS Command Injection vulnerability in Vsolcn products An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. | 9.8 |
| 2020-11-27 | CVE-2020-26245 | OS Command Injection vulnerability in Systeminformation npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. | 9.8 |