Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-22 | CVE-2019-10780 | OS Command Injection vulnerability in Bibtex-Ruby Project Bibtex-Ruby BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | 10.0 |
| 2020-01-21 | CVE-2020-7594 | OS Command Injection vulnerability in Multitech Conduit Mtcdt-Lvw2-246A Firmware 1.4.17Ocea13592 MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | 9.0 |
| 2020-01-20 | CVE-2020-7244 | OS Command Injection vulnerability in Comtechtel Stampede Fx-1010 Firmware 7.4.3 Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. | 9.0 |
| 2020-01-20 | CVE-2020-7243 | OS Command Injection vulnerability in Comtechtel Stampede Fx-1010 Firmware 7.4.3 Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. | 9.0 |
| 2020-01-20 | CVE-2020-7242 | OS Command Injection vulnerability in Comtechtel Stampede Fx-1010 Firmware 7.4.3 Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. | 9.0 |
| 2020-01-20 | CVE-2020-7240 | OS Command Injection vulnerability in Meinbergglobal Lantime M1000 Firmware and Lantime M300 Firmware Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). | 8.8 |
| 2020-01-20 | CVE-2020-7237 | OS Command Injection vulnerability in Cacti 1.2.8 Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. | 8.8 |
| 2020-01-17 | CVE-2019-10958 | OS Command Injection vulnerability in Geutebrueck products Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | 9.0 |
| 2020-01-17 | CVE-2019-10956 | OS Command Injection vulnerability in Geutebrueck products Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | 9.0 |
| 2020-01-15 | CVE-2020-1609 | OS Command Injection vulnerability in Juniper Junos When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. | 8.3 |