Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-07-02 CVE-2019-7256 OS Command Injection vulnerability in Nortekcontrol products
Linear eMerge E3-Series devices allow Command Injections.
network
low complexity
nortekcontrol CWE-78
critical
 9.8
9.8
2019-07-02 CVE-2019-7269 OS Command Injection vulnerability in Nortekcontrol products
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
network
low complexity
nortekcontrol CWE-78
critical
 9.8
9.8
2019-07-02 CVE-2019-13155 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13154 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13153 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13151 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13149 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-01 CVE-2019-7670 OS Command Injection vulnerability in Primasystems Flexair 2.3.38
Prima Systems FlexAir, Versions 2.3.38 and prior.
network
low complexity
primasystems CWE-78
7.2
7.2
2019-07-01 CVE-2019-13128 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03.
network
low complexity
dlink CWE-78
8.8
8.8
2019-06-30 CVE-2019-11829 OS Command Injection vulnerability in Synology Calendar
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
network
low complexity
synology CWE-78
critical
 9.8
9.8