Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-12-18 CVE-2019-8513 OS Command Injection vulnerability in Apple mac OS X
This issue was addressed with improved checks.
local
low complexity
apple CWE-78
7.8
7.8
2019-12-18 CVE-2019-11399 OS Command Injection vulnerability in Trendnet products
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices.
network
low complexity
trendnet CWE-78
critical
 9.8
9.8
2019-12-16 CVE-2019-18830 OS Command Injection vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection.
network
low complexity
barco CWE-78
critical
 9.8
9.8
2019-12-13 CVE-2019-17364 OS Command Injection vulnerability in multiple products
The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
 9.8
9.8
2019-12-13 CVE-2019-16737 OS Command Injection vulnerability in multiple products
The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
 9.8
9.8
2019-12-13 CVE-2019-16733 OS Command Injection vulnerability in multiple products
processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
 9.8
9.8
2019-12-13 CVE-2019-16730 OS Command Injection vulnerability in multiple products
processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
 9.8
9.8
2019-12-12 CVE-2018-11805 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors.
local
low complexity
apache debian CWE-78
6.7
6.7
2019-12-11 CVE-2019-3989 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.
network
low complexity
amazon CWE-78
critical
 9.8
9.8
2019-12-11 CVE-2019-3988 OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware 2.3.11
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter.
low complexity
amazon CWE-78
8.8
8.8