Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-15 | CVE-2019-12792 | OS Command Injection vulnerability in Vestacp Control Panel 0.9.824 A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. | 9.0 |
| 2019-08-15 | CVE-2019-3417 | OS Command Injection vulnerability in ZTE Zxhn F670 Firmware All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. | 8.8 |
| 2019-08-14 | CVE-2019-14527 | OS Command Injection vulnerability in Netgear Mr1100 Firmware An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. | 10.0 |
| 2019-08-14 | CVE-2019-12103 | OS Command Injection vulnerability in Tp-Link M7350 Firmware 1.0.16/151021/160330 The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability. | 10.0 |
| 2019-08-14 | CVE-2019-15027 | OS Command Injection vulnerability in Mediatek Mt6577 Firmware, Mt6625 Firmware and Mt8163 Firmware The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. | 10.0 |
| 2019-08-08 | CVE-2019-1960 | OS Command Injection vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure 3.11.1/3.5.1/3.5.2 Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. | 2.1 |
| 2019-08-08 | CVE-2019-1959 | OS Command Injection vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure 3.11.1/3.5.1/3.5.2 Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. | 2.1 |
| 2019-08-07 | CVE-2019-14744 | OS Command Injection vulnerability in multiple products In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. | 7.8 |
| 2019-08-06 | CVE-2019-14699 | OS Command Injection vulnerability in Microdigital products An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. | 10.0 |
| 2019-08-01 | CVE-2019-14260 | OS Command Injection vulnerability in Al-Enterprise 8008 Firmware 1.50.13 On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 7.7 |