Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2020-7646 | OS Command Injection vulnerability in Curlrequest Project Curlrequest. curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. (network; low complexity; curlrequest-project; CWE-78) | critical 9.8 |
| 2020-05-07 | CVE-2020-6651 | OS Command Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67. Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. (local; low complexity; eaton; CWE-78) | 7.3 |
| 2020-05-04 | CVE-2020-5332 | OS Command Injection vulnerability in RSA Archer. RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. (network; low complexity; rsa; CWE-78) | 7.2 |
| 2020-05-04 | CVE-2020-12109 | OS Command Injection vulnerability in Tp-Link products. Certain TP-Link devices allow Command Injection. (network; low complexity; tp-link; CWE-78) | 8.8 |
| 2020-05-04 | CVE-2020-12641 | OS Command Injection vulnerability in multiple products. rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. (network; low complexity; roundcube, opensuse; CWE-78) | critical 9.8 |
| 2020-05-04 | CVE-2020-12111 | OS Command Injection vulnerability in Tp-Link Nc260 Firmware and Nc450 Firmware. Certain TP-Link devices allow Command Injection. (network; low complexity; tp-link; CWE-78) | 8.8 |
| 2020-05-02 | CVE-2020-7645 | OS Command Injection vulnerability in Google Chrome-Launcher. All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. (network; low complexity; google; CWE-78) | critical 9.8 |
| 2020-05-01 | CVE-2020-7351 | OS Command Injection vulnerability in Netfortris Trixbox 1.2.0/2.8.0.4. An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. (network; low complexity; netfortris; CWE-78) | 8.8 |
| 2020-04-30 | CVE-2020-11016 | OS Command Injection vulnerability in Intelmq Manager Project Intelmq Manager 1.1.0/2.0.0/2.1.0. IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. (network; low complexity; intelmq-manager-project; CWE-78) | 8.8 |
| 2020-04-30 | CVE-2019-19220 | OS Command Injection vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000. BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2). (network; low complexity; bmcsoftware; CWE-78) | 8.8 |