Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2020-02-07 | CVE-2020-8126 | OS Command Injection vulnerability in UI Edgeswitch | A privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution, allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). | local | low complexity | ui | CWE-78 | 7.8 |
| 2020-02-07 | CVE-2020-8654 | OS Command Injection vulnerability in Eyesofnetwork 5.30 | An issue was discovered in EyesOfNetwork 5.3. | network | low complexity | eyesofnetwork | CWE-78 | 8.8 |
| 2020-02-06 | CVE-2020-6760 | OS Command Injection vulnerability in Schmid-Telecom ZI 620 V400 Firmware 090 | Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping. | network | low complexity | schmid-telecom | CWE-78 | 9.8 (critical) |
| 2020-02-06 | CVE-2019-10789 | OS Command Injection vulnerability in Curling Project Curling | All versions of curling.js are vulnerable to Command Injection via the run function. | network | low complexity | curling-project | CWE-78 | 9.8 (critical) |
| 2020-02-04 | CVE-2019-10788 | OS Command Injection vulnerability in DNT Im-Metadata | im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. | network | low complexity | dnt | CWE-78 | 9.8 (critical) |
| 2020-02-04 | CVE-2019-10787 | OS Command Injection vulnerability in DNT Im-Resize | im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. | network | low complexity | dnt | CWE-78 | 9.8 (critical) |
| 2020-02-04 | CVE-2019-10786 | OS Command Injection vulnerability in Network-Manager Project Network-Manager 1.0.0/1.0.1/1.0.2 | network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. | network | low complexity | network-manager-project | CWE-78 | 9.8 (critical) |
| 2020-02-04 | CVE-2015-3611 | OS Command Injection vulnerability in Fortinet Fortimanager | A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report. | network | low complexity | fortinet | CWE-78 | 8.8 |
| 2020-02-01 | CVE-2020-8515 | OS Command Injection vulnerability in Draytek products | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. | network | low complexity | draytek | CWE-78 | 9.8 (critical) |
| 2020-01-31 | CVE-2013-3322 | OS Command Injection vulnerability in Netapp Oncommand System Manager 2.0.2/2.1 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | network | low complexity | netapp | CWE-78 | 7.2 |