Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-15348 OS Command Injection vulnerability in Tecno-Mobile Tecno/H612/Tecno-Id5A:8.1.0/O11019/F-180828V106:User/Release-Keys Firmware
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11).
local
low complexity
tecno-mobile CWE-78
7.8
7.8
2019-11-14 CVE-2019-15347 OS Command Injection vulnerability in Tecno-Mobile Camon Iclick 2 Firmware
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11).
local
low complexity
tecno-mobile CWE-78
7.8
7.8
2019-11-14 CVE-2019-15343 OS Command Injection vulnerability in Tecno-Mobile Camon Iclick Firmware
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8).
local
low complexity
tecno-mobile CWE-78
7.8
7.8
2019-11-14 CVE-2019-15342 OS Command Injection vulnerability in Tecno-Mobile Camon Iair 2+ Firmware
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11).
local
low complexity
tecno-mobile CWE-78
7.8
7.8
2019-11-13 CVE-2019-5029 OS Command Injection vulnerability in Exhibitor Project Exhibitor
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1.
network
low complexity
exhibitor-project CWE-78
critical
 9.8
9.8
2019-11-13 CVE-2019-18839 OS Command Injection vulnerability in Fudforum 3.0.9
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter.
network
low complexity
fudforum CWE-78
critical
 9.0
9.0
2019-11-12 CVE-2019-18873 OS Command Injection vulnerability in Fudforum 3.0.9
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header.
network
low complexity
fudforum CWE-78
critical
 9.0
9.0
2019-11-06 CVE-2019-8159 OS Command Injection vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-78
8.8
8.8
2019-11-01 CVE-2019-15588 OS Command Injection vulnerability in Sonatype Nexus Repository Manager
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE).
network
low complexity
sonatype CWE-78
7.2
7.2
2019-10-31 CVE-2019-18396 OS Command Injection vulnerability in Technicolor Td5130V2 Firmware Oifwv20
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices.
network
low complexity
technicolor CWE-78
7.2
7.2