Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2014-2727 OS Command Injection vulnerability in Trustwave Mailmarshal
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
network
low complexity
trustwave CWE-78
critical
9.8
2020-02-18 CVE-2019-10791 OS Command Injection vulnerability in Promise-Probe Project Promise-Probe
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack.
network
low complexity
promise-probe-project CWE-78
critical
9.8
2020-02-17 CVE-2014-4981 OS Command Injection vulnerability in Xorux Lpar2Rrd
LPAR2RRD 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
network
low complexity
xorux CWE-78
critical
9.8
2020-02-17 CVE-2020-7597 OS Command Injection vulnerability in Codecov
codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js.
network
low complexity
codecov CWE-78
8.8
2020-02-17 CVE-2020-9027 OS Command Injection vulnerability in Eltex-Co Ntp-2 Firmware and Ntp-Rg-1402G Firmware
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd.
network
low complexity
eltex-co CWE-78
critical
9.8
2020-02-17 CVE-2020-9026 OS Command Injection vulnerability in Eltex-Co Ntp-2 Firmware and Ntp-Rg-1402G Firmware
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd.
network
low complexity
eltex-co CWE-78
critical
9.8
2020-02-17 CVE-2020-9021 OS Command Injection vulnerability in Postoaktraffic Awam Bluetooth Field Device Firmware
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.
network
low complexity
postoaktraffic CWE-78
critical
9.8
2020-02-17 CVE-2020-9020 OS Command Injection vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2/3.0
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
network
low complexity
iteris CWE-78
critical
9.8
2020-02-14 CVE-2020-8858 OS Command Injection vulnerability in Moxa products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1.
network
low complexity
moxa CWE-78
8.8
2020-02-13 CVE-2020-8963 OS Command Injection vulnerability in Timetoolsltd products
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter.
network
low complexity
timetoolsltd CWE-78
critical
9.8