Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-31 | CVE-2019-3984 | OS Command Injection vulnerability in Amazon Blink XT2 Sync Module Firmware Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | 9.8 |
| 2019-12-31 | CVE-2019-9197 | OS Command Injection vulnerability in Unity3D Unity Editor The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. | 8.8 |
| 2019-12-30 | CVE-2019-17621 | OS Command Injection vulnerability in Dlink products The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | 9.8 |
| 2019-12-30 | CVE-2019-10774 | OS Command Injection vulnerability in PHP-Shellcommand Project PHP-Shellcommand php-shellcommand versions before 1.6.1 have a command injection vulnerability. | 9.8 |
| 2019-12-26 | CVE-2019-6014 | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. | 8.8 |
| 2019-12-26 | CVE-2019-6013 | OS Command Injection vulnerability in Dlink Dba-1510P Firmware 1.70B005/1.70B009 DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). | 6.6 |
| 2019-12-22 | CVE-2019-19920 | OS Command Injection vulnerability in multiple products sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. | 8.8 |
| 2019-12-18 | CVE-2019-15598 | OS Command Injection vulnerability in Treekill Project Treekill 1.0.0 A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command. | 9.8 |
| 2019-12-18 | CVE-2019-8513 | OS Command Injection vulnerability in Apple mac OS X This issue was addressed with improved checks. | 7.8 |
| 2019-12-18 | CVE-2019-11399 | OS Command Injection vulnerability in Trendnet products An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. | 9.8 |