Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-06 | CVE-2019-14699 | OS Command Injection vulnerability in Microdigital products An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. | 9.8 |
2019-08-01 | CVE-2019-14260 | OS Command Injection vulnerability in Al-Enterprise 8008 Firmware 1.50.13 On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 8.0 |
2019-08-01 | CVE-2019-14259 | OS Command Injection vulnerability in Polycom Obihai Obi1022 Firmware 5.1.11 On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 8.0 |
2019-08-01 | CVE-2019-14337 | OS Command Injection vulnerability in Dlink 6600-Ap Firmware and Dwl-3600Ap Firmware An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. | 5.5 |
2019-07-29 | CVE-2019-1020004 | OS Command Injection vulnerability in Tridactyl Project Tridactyl 1.14.10/1.15.0 Tridactyl before 1.16.0 allows fake key events. | 7.5 |
2019-07-26 | CVE-2019-13638 | OS Command Injection vulnerability in multiple products GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. | 7.8 |
2019-07-24 | CVE-2019-3595 | OS Command Injection vulnerability in Mcafee Data Loss Prevention Endpoint Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. | 6.5 |
2019-07-24 | CVE-2019-1010179 | OS Command Injection vulnerability in Phkp Project Phkp PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). | 9.8 |
2019-07-23 | CVE-2019-1010200 | OS Command Injection vulnerability in Google Voice Builder Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). | 9.8 |
2019-07-22 | CVE-2019-12328 | OS Command Injection vulnerability in Atcom A10W Firmware 2.6.1A2421 A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | 8.8 |