Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-10-02 CVE-2020-12124 OS Command Injection vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
network
low complexity
wavlink CWE-78
critical
9.8
2020-09-25 CVE-2020-25223 OS Command Injection vulnerability in Sophos Unified Threat Management
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
network
low complexity
sophos CWE-78
critical
9.8
2020-09-24 CVE-2020-3417 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust.
local
low complexity
cisco CWE-78
6.7
2020-09-24 CVE-2020-3403 OS Command Injection vulnerability in Cisco IOS XE 17.2.1
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device.
local
low complexity
cisco CWE-78
7.8
2020-09-24 CVE-2020-16148 OS Command Injection vulnerability in Telmat products
The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
network
low complexity
telmat CWE-78
7.2
2020-09-24 CVE-2020-16147 OS Command Injection vulnerability in Telmat products
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via unauthenticated code injection over the network.
network
low complexity
telmat CWE-78
critical
9.8
2020-09-17 CVE-2020-11699 OS Command Injection vulnerability in Titanhq Spamtitan 7.07
An issue was discovered in Titan SpamTitan 7.07.
network
low complexity
titanhq CWE-78
8.8
2020-09-16 CVE-2020-2276 OS Command Injection vulnerability in Jenkins Selection Tasks 1.0
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.
network
low complexity
jenkins CWE-78
8.8
2020-09-16 CVE-2020-2261 OS Command Injection vulnerability in Jenkins Perfecto
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller.
network
low complexity
jenkins CWE-78
8.8
2020-09-10 CVE-2020-24552 OS Command Injection vulnerability in Atoptechnology products
The Atop Technology industrial 3G/4G gateway contains a command injection vulnerability.
network
low complexity
atoptechnology CWE-78
7.2