Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-27 | CVE-2020-27159 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | 9.8 |
| 2020-10-27 | CVE-2020-27158 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 9.8 |
| 2020-10-27 | CVE-2020-25765 | OS Command Injection vulnerability in Westerndigital MY Cloud Firmware Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | 9.8 |
| 2020-10-26 | CVE-2020-26878 | OS Command Injection vulnerability in Commscope Ruckus Vriot 1.5.1.0.21 Ruckus through 1.5.1.0.21 is affected by remote command injection. | 8.8 |
| 2020-10-26 | CVE-2020-15271 | OS Command Injection vulnerability in Lookatme Project Lookatme In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. | 8.8 |
| 2020-10-21 | CVE-2020-3459 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-10-21 | CVE-2020-3457 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
| 2020-10-20 | CVE-2020-5791 | OS Command Injection vulnerability in Nagios XI Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | 7.2 |
| 2020-10-19 | CVE-2020-13778 | OS Command Injection vulnerability in Rconfig rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 8.8 |
| 2020-10-16 | CVE-2020-14144 | OS Command Injection vulnerability in Gitea The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). | 7.2 |