Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-17 | CVE-2014-4981 | OS Command Injection vulnerability in Xorux Lpar2Rrd. LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | 9.8 |
2020-02-17 | CVE-2020-7597 | OS Command Injection vulnerability in Codecov. codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. | 8.8 |
2020-02-17 | CVE-2020-9027 | OS Command Injection vulnerability in Eltex-Co Ntp-2 Firmware and Ntp-Rg-1402G Firmware. ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. | 9.8 |
2020-02-17 | CVE-2020-9026 | OS Command Injection vulnerability in Eltex-Co Ntp-2 Firmware and Ntp-Rg-1402G Firmware. ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. | 9.8 |
2020-02-17 | CVE-2020-9021 | OS Command Injection vulnerability in Postoaktraffic Awam Bluetooth Field Device Firmware. Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. | 9.8 |
2020-02-17 | CVE-2020-9020 | OS Command Injection vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2/3.0. Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | 9.8 |
2020-02-14 | CVE-2020-8858 | OS Command Injection vulnerability in Moxa products. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. | 8.8 |
2020-02-13 | CVE-2020-8963 | OS Command Injection vulnerability in Timetoolsltd products. TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. | 9.8 |
2020-02-12 | CVE-2020-8949 | OS Command Injection vulnerability in Gocloud products. Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring. | 8.8 |
2020-02-12 | CVE-2020-8947 | OS Command Injection vulnerability in Artica Pandora FMS 7.0. functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. | 7.2 |