Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-16 | CVE-2019-1576 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os 9.0.0/9.0.1/9.0.2 Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | 8.8 |
| 2019-07-14 | CVE-2019-13598 | OS Command Injection vulnerability in Getvera Vera Edge Firmware 1.7.4452 LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped. | 9.8 |
| 2019-07-14 | CVE-2019-13597 | OS Command Injection vulnerability in Sahipro Sahi PRO 8.0.0 _s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. | 9.8 |
| 2019-07-12 | CVE-2019-13567 | OS Command Injection vulnerability in Zoom The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. | 8.8 |
| 2019-07-12 | CVE-2019-13574 | OS Command Injection vulnerability in multiple products In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. | 7.8 |
| 2019-07-11 | CVE-2019-12579 | OS Command Injection vulnerability in Londontrustmedia Private Internet Access VPN Client 82 A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. | 7.8 |
| 2019-07-11 | CVE-2019-11062 | OS Command Injection vulnerability in Sun.Net Wmpro 5.0/5.1 The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". | 9.8 |
| 2019-07-11 | CVE-2019-13561 | OS Command Injection vulnerability in Dlink Dir-655 Firmware 3.02B05 D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. | 9.8 |
| 2019-07-10 | CVE-2019-13482 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.06 An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. | 8.8 |
| 2019-07-10 | CVE-2019-13481 | OS Command Injection vulnerability in Dlink Dir-818Lw Firmware 2.06 An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. | 8.8 |