Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-07-31 | CVE-2020-3377 | OS Command Injection vulnerability in Cisco Data Center Network Manager | A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. | network | low | cisco | CWE-78 | 8.8 |
| 2020-07-30 | CVE-2020-12620 | OS Command Injection vulnerability in Pi-Hole | Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). | local | low | pi-hole | CWE-78 | 7.8 |
| 2020-07-29 | CVE-2020-5760 | OS Command Injection vulnerability in Grandstream products | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. | local | low | grandstream | CWE-78 | 7.8 |
| 2020-07-29 | CVE-2020-7698 | OS Command Injection vulnerability in Gerapy | This affects the package Gerapy from 0 and before 0.9.3. | network | low | gerapy | CWE-78 | critical, 9.8 |
| 2020-07-24 | CVE-2020-15778 | OS Command Injection vulnerability in multiple products | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. | local | low | openbsd, netapp, broadcom | CWE-78 | 7.8 |
| 2020-07-24 | CVE-2020-15922 | OS Command Injection vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 | There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. | network | low | midasolutions | CWE-78 | critical, 9.8 |
| 2020-07-24 | CVE-2020-15920 | OS Command Injection vulnerability in Midasolutions Eframework 2.8.0/2.8.9/2.9.0 | There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. | network | low | midasolutions | CWE-78 | critical, 9.8 |
| 2020-07-23 | CVE-2020-15477 | OS Command Injection vulnerability in Raspberrytorte Raspberrytortoise 20121028 | The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. | network | low | raspberrytorte | CWE-78 | critical, 9.8 |
| 2020-07-23 | CVE-2020-15916 | OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.19 | goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. | network | low | tenda | CWE-78 | critical, 9.8 |
| 2020-07-22 | CVE-2020-15893 | OS Command Injection vulnerability in Dlink Dir-816L Firmware 2.06/2.06.B09 | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. | network | low | dlink | CWE-78 | critical, 9.8 |