Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-12-10 CVE-2019-14889 OS Command Injection vulnerability in multiple products
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8.
8.8
2019-12-10 CVE-2019-17270 OS Command Injection vulnerability in Yachtcontrol 20191006
Yachtcontrol through 2019-10-06: It's possible to execute operating system commands directly as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} is executed and the results are returned to the client.
network
low complexity
yachtcontrol CWE-78
critical
10.0
2019-12-08 CVE-2019-19642 OS Command Injection vulnerability in Supermicro X8Sti-F Bios and X8Sti-F Firmware
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address.
network
low complexity
supermicro CWE-78
critical
9.0
2019-12-05 CVE-2019-19609 OS Command Injection vulnerability in Strapi
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
network
low complexity
strapi CWE-78
critical
9.0
2019-11-27 CVE-2011-2523 OS Command Injection vulnerability in multiple products
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
network
low complexity
vsftpd-project debian CWE-78
critical
10.0
2019-11-27 CVE-2019-18184 OS Command Injection vulnerability in Crestron Dmc-Stro Firmware 1.0
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
network
low complexity
crestron CWE-78
critical
10.0
2019-11-27 CVE-2017-12945 OS Command Injection vulnerability in Mersive Solstice Firmware
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.
network
low complexity
mersive CWE-78
critical
9.0
2019-11-27 CVE-2019-15298 OS Command Injection vulnerability in Centreon web
A problem was found in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-78
6.5
2019-11-26 CVE-2019-16242 OS Command Injection vulnerability in Alcatelmobile Cingular Flip 2 Firmware B9Huah1
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection.
local
low complexity
alcatelmobile CWE-78
7.2
2019-11-26 CVE-2019-12489 OS Command Injection vulnerability in Fastweb Askey Rtv1907Vw Firmware 0.00.81
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices.
network
low complexity
fastweb CWE-78
critical
10.0