Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-28 | CVE-2020-9463 | OS Command Injection vulnerability in Centreon 19.10 Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. | 8.8 |
| 2020-02-26 | CVE-2020-3173 | OS Command Injection vulnerability in Cisco UCS Manager A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. | 7.8 |
| 2020-02-26 | CVE-2020-3171 | OS Command Injection vulnerability in Cisco Fxos and UCS Manager A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. | 7.8 |
| 2020-02-26 | CVE-2020-3169 | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. | 6.7 |
| 2020-02-26 | CVE-2020-3167 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). | 7.8 |
| 2020-02-26 | CVE-2019-19994 | OS Command Injection vulnerability in Seling Visual Access Manager 4.15.0/4.29.0 An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. | 9.8 |
| 2020-02-25 | CVE-2019-3999 | OS Command Injection vulnerability in Druva Insync Client 6.5.0 Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | 7.8 |
| 2020-02-25 | CVE-2019-5142 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. | 7.2 |
| 2020-02-25 | CVE-2019-5141 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. | 8.8 |
| 2020-02-25 | CVE-2019-5140 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. | 8.8 |