Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-12 | CVE-2020-2000 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. | 7.2 |
| 2020-11-08 | CVE-2020-28347 | OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726 tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. | 9.8 |
| 2020-11-06 | CVE-2020-3371 | OS Command Injection vulnerability in Cisco Integrated Management Controller 3.0(1C) A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. | 8.8 |
| 2020-11-06 | CVE-2020-16846 | OS Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt through 3002. | 9.8 |
| 2020-11-05 | CVE-2020-24849 | OS Command Injection vulnerability in Fruitywifi Project Fruitywifi A remote code execution vulnerability is identified in FruityWifi through 2.4. | 8.8 |
| 2020-11-01 | CVE-2020-25849 | OS Command Injection vulnerability in Openfind Mailaudit and Mailgates MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. | 8.8 |
| 2020-10-29 | CVE-2020-27887 | OS Command Injection vulnerability in Eyesofnetwork An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. | 8.8 |
| 2020-10-29 | CVE-2020-27744 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. | 9.8 |
| 2020-10-28 | CVE-2020-16257 | OS Command Injection vulnerability in Winstonprivacy Winston Firmware 1.5.4 Winston 1.5.4 devices are vulnerable to command injection via the API. | 9.8 |
| 2020-10-28 | CVE-2020-27976 | OS Command Injection vulnerability in Oscommerce osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. | 9.8 |