Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2019-1865 | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. | 9.0 |
| 2019-08-21 | CVE-2019-1864 | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. | 9.0 |
| 2019-08-21 | CVE-2019-1850 | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. | 9.0 |
| 2019-08-21 | CVE-2019-1839 | OS Command Injection vulnerability in Cisco products A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. | 7.2 |
| 2019-08-21 | CVE-2019-1634 | OS Command Injection vulnerability in Cisco products A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). | 9.0 |
| 2019-08-20 | CVE-2019-4294 | OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. | 7.8 |
| 2019-08-20 | CVE-2019-3968 | OS Command Injection vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. | 9.0 |
| 2019-08-16 | CVE-2019-5477 | OS Command Injection vulnerability in multiple products A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. | 9.8 |
| 2019-08-16 | CVE-2019-14923 | OS Command Injection vulnerability in Eyesofnetwork 5.10 EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. | 6.5 |
| 2019-08-16 | CVE-2018-20969 | OS Command Injection vulnerability in GNU Patch do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. | 9.3 |