Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-28 | CVE-2019-12997 | OS Command Injection vulnerability in Icon Loopchain In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). | 8.8 |
| 2019-06-27 | CVE-2019-3631 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 7.2 |
| 2019-06-27 | CVE-2019-3630 | OS Command Injection vulnerability in Mcafee Enterprise Security Manager Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | 7.2 |
| 2019-06-27 | CVE-2019-5819 | OS Command Injection vulnerability in multiple products Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. | 7.8 |
| 2019-06-20 | CVE-2018-16118 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | 8.1 |
| 2019-06-20 | CVE-2018-16117 | OS Command Injection vulnerability in Sophos Sfos A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter. | 8.8 |
| 2019-06-20 | CVE-2019-6962 | OS Command Injection vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. | 7.5 |
| 2019-06-20 | CVE-2019-1879 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
| 2019-06-20 | CVE-2019-1878 | OS Command Injection vulnerability in Cisco Telepresence CE and Telepresence TC A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. | 8.8 |
| 2019-06-20 | CVE-2019-1623 | OS Command Injection vulnerability in Cisco Meeting Server A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. | 6.7 |