Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2020-4213 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-24 | CVE-2020-4211 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-24 | CVE-2020-4210 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-24 | CVE-2020-8130 | OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | 6.4 |
| 2020-02-24 | CVE-2019-18183 | OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. | 9.8 |
| 2020-02-24 | CVE-2019-18182 | OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. | 9.8 |
| 2020-02-22 | CVE-2020-8813 | OS Command Injection vulnerability in multiple products graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | 8.8 |
| 2020-02-21 | CVE-2020-6842 | OS Command Injection vulnerability in Dlink Dch-M225 Firmware 1.05B01 D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | 7.2 |
| 2020-02-21 | CVE-2020-6841 | OS Command Injection vulnerability in Dlink Dch-M225 Firmware 1.05B01 D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | 9.8 |
| 2020-02-21 | CVE-2020-5534 | OS Command Injection vulnerability in NEC Aterm Wg2600Hs Firmware 1.3.2 Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | 8.0 |