Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2019-14259 | OS Command Injection vulnerability in Polycom Obihai Obi1022 Firmware 5.1.11 On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 7.7 |
| 2019-08-01 | CVE-2019-14337 | OS Command Injection vulnerability in Dlink 6600-Ap Firmware and Dwl-3600Ap Firmware An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. | 2.1 |
| 2019-07-26 | CVE-2019-13638 | OS Command Injection vulnerability in multiple products GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. | 7.8 |
| 2019-07-24 | CVE-2019-3595 | OS Command Injection vulnerability in Mcafee Data Loss Prevention Endpoint Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. | 6.5 |
| 2019-07-24 | CVE-2019-1010179 | OS Command Injection vulnerability in Phkp Project Phkp PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). | 7.5 |
| 2019-07-23 | CVE-2019-1010200 | OS Command Injection vulnerability in Google Voice Builder Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). | 10.0 |
| 2019-07-22 | CVE-2019-12328 | OS Command Injection vulnerability in Atcom A10W Firmware 2.6.1A2421 A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | 9.0 |
| 2019-07-22 | CVE-2019-12324 | OS Command Injection vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156 A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | 9.0 |
| 2019-07-19 | CVE-2019-12725 | OS Command Injection vulnerability in Zeroshell 3.9.0 Zeroshell 3.9.0 is prone to a remote command execution vulnerability. | 10.0 |
| 2019-07-17 | CVE-2019-13640 | OS Command Injection vulnerability in Qbittorrent In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed. | 9.8 |