Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-12-26 CVE-2019-6013 OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
local
low complexity
dlink CWE-78
6.8
2019-12-22 CVE-2019-19920 OS Command Injection vulnerability in multiple products
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule.
network
low complexity
sa-exim-project debian canonical CWE-78
8.8
2019-12-18 CVE-2019-15598 OS Command Injection vulnerability in Treekill Project Treekill 1.0.0
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
network
low complexity
treekill-project CWE-78
7.5
2019-12-18 CVE-2019-8513 OS Command Injection vulnerability in Apple mac OS X
This issue was addressed with improved checks.
local
low complexity
apple CWE-78
7.2
2019-12-18 CVE-2019-11399 OS Command Injection vulnerability in Trendnet products
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices.
network
low complexity
trendnet CWE-78
critical
10.0
2019-12-16 CVE-2019-18830 OS Command Injection vulnerability in Barco products
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection.
network
low complexity
barco CWE-78
critical
10.0
2019-12-13 CVE-2019-17364 OS Command Injection vulnerability in multiple products
The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
10.0
2019-12-13 CVE-2019-16737 OS Command Injection vulnerability in multiple products
The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
10.0
2019-12-13 CVE-2019-16733 OS Command Injection vulnerability in multiple products
processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
10.0
2019-12-12 CVE-2018-11805 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors.
local
low complexity
apache debian CWE-78
6.7