Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-24 | CVE-2019-13650 | OS Command Injection vulnerability in Tp-Link M7350 Firmware 1.0.16 TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5). | 9.8 |
| 2019-10-24 | CVE-2019-13649 | OS Command Injection vulnerability in Tp-Link M7350 Firmware 1.0.16 TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5). | 9.8 |
| 2019-10-23 | CVE-2019-18370 | OS Command Injection vulnerability in MI Millet Router 3G Firmware An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. | 9.8 |
| 2019-10-21 | CVE-2019-16965 | OS Command Injection vulnerability in Fusionpbx resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. | 7.2 |
| 2019-10-21 | CVE-2019-16964 | OS Command Injection vulnerability in Fusionpbx app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data. | 8.8 |
| 2019-10-18 | CVE-2019-17526 | OS Command Injection vulnerability in Sagemath Sagemathcell An issue was discovered in SageMath Sage Cell Server through 2019-10-05. | 9.8 |
| 2019-10-17 | CVE-2019-14423 | OS Command Injection vulnerability in Eq-3 Ccu2 Firmware and Cux-Daemon A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request. | 8.8 |
| 2019-10-16 | CVE-2019-15277 | OS Command Injection vulnerability in Cisco Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. | 6.7 |
| 2019-10-16 | CVE-2019-15275 | OS Command Injection vulnerability in Cisco Telepresence Collaboration Endpoint A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. | 6.7 |
| 2019-10-16 | CVE-2019-17625 | OS Command Injection vulnerability in Rambox 0.6.9 There is a stored XSS in Rambox 0.6.9 that can lead to code execution. | 9.0 |