Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-15 | CVE-2020-8178 | OS Command Injection vulnerability in Jison Project Jison Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. | 9.8 |
| 2020-07-14 | CVE-2020-11953 | OS Command Injection vulnerability in Rittal products An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. | 8.8 |
| 2020-07-14 | CVE-2020-4512 | OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | 7.2 |
| 2020-07-14 | CVE-2020-13925 | OS Command Injection vulnerability in Apache Kylin Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. | 9.8 |
| 2020-07-13 | CVE-2020-10987 | OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.19 The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | 9.8 |
| 2020-07-10 | CVE-2020-8186 | OS Command Injection vulnerability in Devcert Project Devcert 1.1.0 A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. | 9.8 |
| 2020-07-09 | CVE-2020-9377 | OS Command Injection vulnerability in Dlink Dir-610 Firmware D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. | 8.8 |
| 2020-07-08 | CVE-2020-2034 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. | 8.1 |
| 2020-07-08 | CVE-2020-2030 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. | 7.2 |
| 2020-07-06 | CVE-2020-5352 | OS Command Injection vulnerability in Dell EMC Data Protection Advisor 18.1/6.4/6.5 Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. | 8.8 |