Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-02 | CVE-2020-8188 | OS Command Injection vulnerability in UI Unifi Protect Firmware We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges. | 8.8 |
| 2020-07-01 | CVE-2020-15489 | OS Command Injection vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. | 9.8 |
| 2020-07-01 | CVE-2019-15311 | OS Command Injection vulnerability in Linkplay An issue was discovered on Zolo Halo devices via the Linkplay firmware. | 9.8 |
| 2020-07-01 | CVE-2020-7688 | OS Command Injection vulnerability in Mversion Project Mversion The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. | 7.8 |
| 2020-07-01 | CVE-2020-13619 | OS Command Injection vulnerability in Locutus PHP php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution. | 9.8 |
| 2020-06-30 | CVE-2020-14947 | OS Command Injection vulnerability in Factorfx Open Computer Software Inventory Next Generation 2.7 OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. | 8.8 |
| 2020-06-30 | CVE-2020-15415 | OS Command Injection vulnerability in Draytek products On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. | 9.8 |
| 2020-06-29 | CVE-2020-15362 | OS Command Injection vulnerability in Thingssdk Wifiscanner 1.0.1 wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. | 9.8 |
| 2020-06-29 | CVE-2020-14414 | OS Command Injection vulnerability in Nedi 1.9C NeDi 1.9C is vulnerable to Remote Command Execution. | 8.8 |
| 2020-06-29 | CVE-2020-14412 | OS Command Injection vulnerability in Nedi 1.9C NeDi 1.9C is vulnerable to Remote Command Execution. | 8.8 |