Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-02 | CVE-2019-13151 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. | 6.5 |
| 2019-07-02 | CVE-2019-13149 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. | 6.5 |
| 2019-07-01 | CVE-2019-7670 | OS Command Injection vulnerability in Primasystems Flexair 2.3.38 Prima Systems FlexAir, Versions 2.3.38 and prior. | 7.2 |
| 2019-07-01 | CVE-2019-13128 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03 An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. | 9.0 |
| 2019-06-30 | CVE-2019-11829 | OS Command Injection vulnerability in Synology Calendar OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. | 9.8 |
| 2019-06-28 | CVE-2019-12997 | OS Command Injection vulnerability in Icon Loopchain In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). | 9.0 |
| 2019-06-27 | CVE-2019-3631 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 7.2 |
| 2019-06-27 | CVE-2019-3630 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 7.2 |
| 2019-06-27 | CVE-2019-5819 | OS Command Injection vulnerability in multiple products Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | 7.8 |
| 2019-06-20 | CVE-2018-16118 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | 9.3 |