Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-3403 OS Command Injection vulnerability in Cisco IOS XE 17.2.1
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device.
local
low complexity
cisco CWE-78
7.8
2020-09-24 CVE-2020-16148 OS Command Injection vulnerability in Telmat products
The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
network
low complexity
telmat CWE-78
7.2
2020-09-24 CVE-2020-16147 OS Command Injection vulnerability in Telmat products
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.
network
low complexity
telmat CWE-78
critical
9.8
2020-09-17 CVE-2020-11699 OS Command Injection vulnerability in Titanhq Spamtitan 7.07
An issue was discovered in Titan SpamTitan 7.07.
network
low complexity
titanhq CWE-78
8.8
2020-09-16 CVE-2020-2276 OS Command Injection vulnerability in Jenkins Selection Tasks 1.0
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.
network
low complexity
jenkins CWE-78
8.8
2020-09-16 CVE-2020-2261 OS Command Injection vulnerability in Jenkins Perfecto
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
network
low complexity
jenkins CWE-78
8.8
2020-09-10 CVE-2020-24552 OS Command Injection vulnerability in Atoptechnology products
Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability.
network
low complexity
atoptechnology CWE-78
7.2
2020-09-09 CVE-2020-24916 OS Command Injection vulnerability in multiple products
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
network
low complexity
yaws debian canonical CWE-78
critical
9.8
2020-09-09 CVE-2020-2038 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2
2020-09-09 CVE-2020-2037 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges.
network
low complexity
paloaltonetworks CWE-78
7.2