Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-01 | CVE-2020-25849 | OS Command Injection vulnerability in Openfind Mailaudit and Mailgates MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. | 8.8 |
| 2020-10-29 | CVE-2020-27887 | OS Command Injection vulnerability in Eyesofnetwork An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. | 8.8 |
| 2020-10-29 | CVE-2020-27744 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. | 9.8 |
| 2020-10-28 | CVE-2020-16257 | OS Command Injection vulnerability in Winstonprivacy Winston Firmware 1.5.4 Winston 1.5.4 devices are vulnerable to command injection via the API. | 9.8 |
| 2020-10-28 | CVE-2020-27976 | OS Command Injection vulnerability in Oscommerce osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. | 9.8 |
| 2020-10-27 | CVE-2020-27159 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | 9.8 |
| 2020-10-27 | CVE-2020-27158 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 9.8 |
| 2020-10-27 | CVE-2020-25765 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | 9.8 |
| 2020-10-26 | CVE-2020-26878 | OS Command Injection vulnerability in Commscope Ruckus Vriot 1.5.1.0.21 Ruckus through 1.5.1.0.21 is affected by remote command injection. | 8.8 |
| 2020-10-26 | CVE-2020-15271 | OS Command Injection vulnerability in Lookatme Project Lookatme In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. | 8.8 |