Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2019-15800 | OS Command Injection vulnerability in Zyxel products An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. | 10.0 |
| 2019-11-14 | CVE-2019-15351 | OS Command Injection vulnerability in Tecno-Mobile Tecno/H622/Tecno-Id5B:8.1.0/O11019/G-180829V31:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
| 2019-11-14 | CVE-2019-15348 | OS Command Injection vulnerability in Tecno-Mobile Tecno/H612/Tecno-Id5A:8.1.0/O11019/F-180828V106:User/Release-Keys Firmware The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
| 2019-11-14 | CVE-2019-15347 | OS Command Injection vulnerability in Tecno-Mobile Camon Iclick 2 Firmware The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
| 2019-11-14 | CVE-2019-15343 | OS Command Injection vulnerability in Tecno-Mobile Camon Iclick Firmware The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). | 7.2 |
| 2019-11-14 | CVE-2019-15342 | OS Command Injection vulnerability in Tecno-Mobile Camon Iair 2+ Firmware The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). | 7.2 |
| 2019-11-13 | CVE-2019-5029 | OS Command Injection vulnerability in Exhibitor Project Exhibitor An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. | 10.0 |
| 2019-11-13 | CVE-2019-9467 | OS Command Injection vulnerability in Google Android In the Bootloader, there is a possible kernel command injection due to missing command sanitization. | 7.2 |
| 2019-11-06 | CVE-2019-8159 | OS Command Injection vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 9.0 |
| 2019-11-01 | CVE-2019-15588 | OS Command Injection vulnerability in Sonatype Nexus Repository Manager There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). | 9.0 |