Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-08-11 | CVE-2020-13124 | OS Command Injection vulnerability in Sabnzbd 2.3.9/3.0.0 | SABnzbd 2.3.9 and 3.0.0Alpha2 have a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. | network | low | sabnzbd | CWE-78 | 8.8 |
| 2020-08-11 | CVE-2020-14324 | OS Command Injection vulnerability in Redhat Cloudforms Management Engine | A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. | network | low | redhat | CWE-78 | critical 9.1 |
| 2020-08-07 | CVE-2020-17352 | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0 | Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | network | low | sophos | CWE-78 | 8.8 |
| 2020-08-07 | CVE-2020-11852 | OS Command Injection vulnerability in Microfocus Secure Messaging Gateway 471 | DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). | network | low | microfocus | CWE-78 | 8.8 |
| 2020-08-06 | CVE-2020-7361 | OS Command Injection vulnerability in Easycorp Zentao PRO 8.8.2 | The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. | network | low | easycorp | CWE-78 | 8.8 |
| 2020-08-06 | CVE-2020-7357 | OS Command Injection vulnerability in Cayintech products | Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. | network | low | cayintech | CWE-78 | critical 9.9 |
| 2020-08-05 | CVE-2020-13404 | OS Command Injection vulnerability in Quadra-Informatique Atos/Sips | The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. | network | low | quadra-informatique | CWE-78 | 8.8 |
| 2020-08-05 | CVE-2020-13151 | OS Command Injection vulnerability in Aerospike Server | Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. | network | low | aerospike | CWE-78 | critical 9.8 |
| 2020-08-04 | CVE-2020-15467 | OS Command Injection vulnerability in Cohesive Vns3 | The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. | network | low | cohesive | CWE-78 | 8.8 |
| 2020-07-31 | CVE-2020-3377 | OS Command Injection vulnerability in Cisco Data Center Network Manager | A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. | network | low | cisco | CWE-78 | 8.8 |