Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2020-05-07 | CVE-2020-10795 | OS Command Injection vulnerability in Gira Tks-Ip-Gateway Firmware 4.0.7.7 | Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. | gira | CWE-78 | network, low complexity, 7.2 |
| 2020-05-07 | CVE-2020-4428 | OS Command Injection vulnerability in IBM Data Risk Manager | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. | ibm | CWE-78 | network, low complexity, critical, 9.1 |
| 2020-05-07 | CVE-2020-7805 | OS Command Injection vulnerability in Infomark Iml500 Firmware and Iml520 Firmware | An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. | infomark | CWE-78 | network, low complexity, critical, 9.8 |
| 2020-05-07 | CVE-2020-7646 | OS Command Injection vulnerability in Curlrequest Project Curlrequest | curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. | curlrequest-project | CWE-78 | network, low complexity, critical, 9.8 |
| 2020-05-07 | CVE-2020-6651 | OS Command Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67 | Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | eaton | CWE-78 | local, low complexity, 7.3 |
| 2020-05-04 | CVE-2020-5332 | OS Command Injection vulnerability in RSA Archer | RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. | rsa | CWE-78 | network, low complexity, 7.2 |
| 2020-05-04 | CVE-2020-12109 | OS Command Injection vulnerability in Tp-Link products | Certain TP-Link devices allow Command Injection. | tp-link | CWE-78 | network, low complexity, 8.8 |
| 2020-05-04 | CVE-2020-12641 | OS Command Injection vulnerability in multiple products | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | roundcube, opensuse | CWE-78 | network, low complexity, critical, 9.8 |
| 2020-05-04 | CVE-2020-12111 | OS Command Injection vulnerability in Tp-Link Nc260 Firmware and Nc450 Firmware | Certain TP-Link devices allow Command Injection. | tp-link | CWE-78 | network, low complexity, 8.8 |
| 2020-05-02 | CVE-2020-7645 | OS Command Injection vulnerability in Google Chrome-Launcher | All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. | google | CWE-78 | network, low complexity, critical, 9.8 |