Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-08 | CVE-2020-2034 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. | 8.1 |
| 2020-07-08 | CVE-2020-2030 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. | 7.2 |
| 2020-07-06 | CVE-2020-5352 | OS Command Injection vulnerability in Dell EMC Data Protection Advisor 18.1/6.4/6.5 Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. | 8.8 |
| 2020-07-02 | CVE-2020-8188 | OS Command Injection vulnerability in UI Unifi Protect Firmware We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges. | 8.8 |
| 2020-07-01 | CVE-2020-15489 | OS Command Injection vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. | 9.8 |
| 2020-07-01 | CVE-2019-15311 | OS Command Injection vulnerability in Linkplay An issue was discovered on Zolo Halo devices via the Linkplay firmware. | 9.8 |
| 2020-07-01 | CVE-2020-7688 | OS Command Injection vulnerability in Mversion Project Mversion The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. | 7.8 |
| 2020-07-01 | CVE-2020-13619 | OS Command Injection vulnerability in Locutus PHP php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution. | 9.8 |
| 2020-06-30 | CVE-2020-14947 | OS Command Injection vulnerability in Factorfx Open Computer Software Inventory Next Generation 2.7 OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. | 8.8 |
| 2020-06-30 | CVE-2020-15415 | OS Command Injection vulnerability in Draytek products On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. | 9.8 |