Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-17 | CVE-2020-11978 | OS Command Injection vulnerability in Apache Airflow: An issue was found in Apache Airflow versions 1.10.10 and below. | 8.8 |
2020-07-16 | CVE-2020-3332 | OS Command Injection vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. | 8.8 |
2020-07-15 | CVE-2020-8958 | OS Command Injection vulnerability in Gpononu products: Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field. | 7.2 |
2020-07-15 | CVE-2020-8178 | OS Command Injection vulnerability in Jison Project Jison: Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. | 9.8 |
2020-07-14 | CVE-2020-11953 | OS Command Injection vulnerability in Rittal products: An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. | 8.8 |
2020-07-14 | CVE-2020-4512 | OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager: IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | 7.2 |
2020-07-14 | CVE-2020-13925 | OS Command Injection vulnerability in Apache Kylin: Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. | 9.8 |
2020-07-13 | CVE-2020-10987 | OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.19: The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | 9.8 |
2020-07-10 | CVE-2020-8186 | OS Command Injection vulnerability in Devcert Project Devcert 1.1.0: A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. | 9.8 |
2020-07-09 | CVE-2020-9377 | OS Command Injection vulnerability in Dlink Dir-610 Firmware: D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. | 8.8 |