Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-09 | CVE-2020-13978 | OS Command Injection vulnerability in Monstra CMS 3.0.4 Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. | 7.2 |
| 2020-06-09 | CVE-2020-13976 | OS Command Injection vulnerability in Dd-Wrt 16214/24 An issue was discovered in DD-WRT through 16214. | 8.8 |
| 2020-06-03 | CVE-2020-3224 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. | 8.8 |
| 2020-06-03 | CVE-2020-3212 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. | 7.2 |
| 2020-06-03 | CVE-2020-3211 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. | 7.2 |
| 2020-06-03 | CVE-2020-3210 | OS Command Injection vulnerability in Cisco IOS A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. | 6.7 |
| 2020-06-03 | CVE-2020-3207 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. | 6.7 |
| 2020-06-03 | CVE-2020-3205 | OS Command Injection vulnerability in Cisco IOS A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. | 8.8 |
| 2020-06-03 | CVE-2020-13782 | OS Command Injection vulnerability in Dlink Dir-865L Firmware 1.20B01 D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. | 8.8 |
| 2020-06-03 | CVE-2020-4180 | OS Command Injection vulnerability in IBM Security Guardium 11.1 IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |