Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,949)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7633 1Apiconnect Cli Plugins Project 1Apiconnect Cli Plugins Nov 21, 2024 Apr 6, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.
CVE-2020-7632 1Node Mpv Project 1Node Mpv Nov 21, 2024 Apr 6, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7631 1Diskusage Ng Project 1Diskusage Ng Nov 21, 2024 Apr 6, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.
CVE-2020-7630 1Git Add Remote Project 1Git Add Remote Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.
CVE-2020-7629 1Install Package Project 1Install Package Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7628 2Install Package Project Umount Project 2Install Package Umount Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization.
CVE-2020-7627 1Node Key Sender Project 1Node Key Sender Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function.
CVE-2020-7626 1Karma Mojo Project 1Karma Mojo Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.
CVE-2020-7625 1Op Browser Project 1Op Browser Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function.
CVE-2020-7624 1Effect Project 1Effect Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.
CVE-2020-7623 1Jscover Project 1Jscover Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.
CVE-2020-7621 1Ibm 1Strongloop Nginx Controller Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function.
CVE-2020-7620 1Netease 1Pomelo Monitor Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params.
CVE-2020-7619 1Get Git Data Project 1Get Git Data Nov 21, 2024 Apr 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data.
CVE-2020-11490 1Zevenet 1Zen Load Balancer Nov 21, 2024 Apr 2, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality,...Show more Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.Show less
CVE-2020-4242 1Ibm 2Spectrum Protect Plus Spectrum Scale Nov 21, 2024 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could ex...Show more IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.Show less
CVE-2020-4241 1Ibm 2Spectrum Protect Plus Spectrum Scale Nov 21, 2024 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could ex...Show more IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.Show less
CVE-2020-4206 1Ibm 1Spectrum Protect Plus Nov 21, 2024 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID:...Show more IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966.Show less
CVE-2019-19606 1X Plane 1X Plane Nov 21, 2024 Mar 30, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be u...Show more X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.Show less
CVE-2020-10886 1Tp Link 1Ac1750 Firmware Nov 21, 2024 Mar 25, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The s...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662.Show less

Previous 1...231232233...298 Next