Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-11 | CVE-2020-17368 | OS Command Injection vulnerability in multiple products Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | 9.8 |
| 2020-08-11 | CVE-2020-13124 | OS Command Injection vulnerability in Sabnzbd 2.3.9/3.0.0 SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. | 8.8 |
| 2020-08-11 | CVE-2020-14324 | OS Command Injection vulnerability in Redhat Cloudforms Management Engine A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. | 9.1 |
| 2020-08-07 | CVE-2020-17352 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0 Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 8.8 |
| 2020-08-07 | CVE-2020-11852 | OS Command Injection vulnerability in Microfocus Secure Messaging Gateway 471 DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). | 8.8 |
| 2020-08-06 | CVE-2020-7361 | OS Command Injection vulnerability in Easycorp Zentao PRO 8.8.2 The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. | 8.8 |
| 2020-08-06 | CVE-2020-7357 | OS Command Injection vulnerability in Cayintech products Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. | 9.9 |
| 2020-08-05 | CVE-2020-13404 | OS Command Injection vulnerability in Quadra-Informatique Atos/Sips The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. | 8.8 |
| 2020-08-05 | CVE-2020-13151 | OS Command Injection vulnerability in Aerospike Server Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. | 9.8 |
| 2020-08-04 | CVE-2020-15467 | OS Command Injection vulnerability in Cohesive Vns3 The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. | 8.8 |