Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2020-02-21 | CVE-2020-5525 | OS Command Injection vulnerability in NEC products | Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. | low complexity, nec, CWE-78 | 8.0 |
| 2020-02-21 | CVE-2020-5524 | OS Command Injection vulnerability in NEC products | Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | low complexity, nec, CWE-78 | 8.8 |
| 2020-02-19 | CVE-2014-2727 | OS Command Injection vulnerability in Trustwave Mailmarshal | The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | network, low complexity, trustwave, CWE-78 | critical 9.8 |
| 2020-02-18 | CVE-2019-10791 | OS Command Injection vulnerability in Promise-Probe Project Promise-Probe | promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. | network, low complexity, promise-probe-project, CWE-78 | critical 9.8 |
| 2020-02-17 | CVE-2014-4981 | OS Command Injection vulnerability in Xorux Lpar2Rrd | LPAR2RRD 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | network, low complexity, xorux, CWE-78 | critical 9.8 |
| 2020-02-17 | CVE-2020-7597 | OS Command Injection vulnerability in Codecov | codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. | network, low complexity, codecov, CWE-78 | 8.8 |
| 2020-02-17 | CVE-2020-9027 | OS Command Injection vulnerability in Eltex-Co Ntp-2 Firmware and Ntp-Rg-1402G Firmware | ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. | network, low complexity, eltex-co, CWE-78 | critical 9.8 |
| 2020-02-17 | CVE-2020-9026 | OS Command Injection vulnerability in Eltex-Co Ntp-2 Firmware and Ntp-Rg-1402G Firmware | ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. | network, low complexity, eltex-co, CWE-78 | critical 9.8 |
| 2020-02-17 | CVE-2020-9021 | OS Command Injection vulnerability in Postoaktraffic Awam Bluetooth Field Device Firmware | Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. | network, low complexity, postoaktraffic, CWE-78 | critical 9.8 |
| 2020-02-17 | CVE-2020-9020 | OS Command Injection vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2/3.0 | Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | network, low complexity, iteris, CWE-78 | critical 9.8 |