Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-3459 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-10-21 | CVE-2020-3457 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
| 2020-10-20 | CVE-2020-5791 | OS Command Injection vulnerability in Nagios XI Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | 7.2 |
| 2020-10-19 | CVE-2020-13778 | OS Command Injection vulnerability in Rconfig rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 8.8 |
| 2020-10-16 | CVE-2020-14144 | OS Command Injection vulnerability in Gitea The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). | 7.2 |
| 2020-10-15 | CVE-2020-25859 | OS Command Injection vulnerability in Qualcomm Qcmap The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. | 6.7 |
| 2020-10-15 | CVE-2020-6364 | OS Command Injection vulnerability in SAP Introscope Enterprise Manager SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. | 10.0 |
| 2020-10-08 | CVE-2020-3602 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2020-10-08 | CVE-2020-3601 | OS Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2020-10-06 | CVE-2020-26582 | OS Command Injection vulnerability in Dlink Dap-1360U Firmware D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). | 8.8 |