Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-15997 | OS Command Injection vulnerability in Cisco DNA Spaces: Connector A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. | 7.2 |
| 2019-11-26 | CVE-2019-15996 | OS Command Injection vulnerability in Cisco DNA Spaces: Connector 2.0 A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. | 7.2 |
| 2019-11-22 | CVE-2019-18910 | OS Command Injection vulnerability in HP Thinpro The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. | 6.8 |
| 2019-11-22 | CVE-2019-18909 | OS Command Injection vulnerability in HP Thinpro The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. | 7.7 |
| 2019-11-21 | CVE-2019-5072 | OS Command Injection vulnerability in Tendacn Ac9V1.0 Firmware 15.03.05.14En/15.03.05.16Multitru An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). | 4.6 |
| 2019-11-21 | CVE-2019-5071 | OS Command Injection vulnerability in Tendacn Ac9V1.0 Firmware 15.03.05.14En/15.03.05.16Multitru An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). | 7.2 |
| 2019-11-21 | CVE-2019-17650 | OS Command Injection vulnerability in Fortinet Forticlient An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. | 7.2 |
| 2019-11-19 | CVE-2019-18934 | OS Command Injection vulnerability in multiple products Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. | 7.3 |
| 2019-11-18 | CVE-2019-19117 | OS Command Injection vulnerability in Phicomm K2(Psg1218) Firmware 22.5.9.163 /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter. | 9.0 |
| 2019-11-17 | CVE-2019-19041 | OS Command Injection vulnerability in Xorur Lpar2Rrd and Stor2Rrd An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. | 9.0 |