Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-11-21 CVE-2019-17650 OS Command Injection vulnerability in Fortinet Forticlient
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.
local
low complexity
fortinet CWE-78
7.8
7.8
2019-11-19 CVE-2019-18934 OS Command Injection vulnerability in multiple products
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer.
network
low complexity
nlnetlabs fedoraproject opensuse CWE-78
7.3
7.3
2019-11-18 CVE-2019-19117 OS Command Injection vulnerability in Phicomm K2(Psg1218) Firmware 22.5.9.163
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
network
low complexity
phicomm CWE-78
8.8
8.8
2019-11-17 CVE-2019-19041 OS Command Injection vulnerability in Xorur Lpar2Rrd and Stor2Rrd
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41.
network
low complexity
xorur CWE-78
7.2
7.2
2019-11-14 CVE-2019-15800 OS Command Injection vulnerability in Zyxel products
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0.
network
low complexity
zyxel CWE-78
critical
 9.8
9.8
2019-11-14 CVE-2019-15351 OS Command Injection vulnerability in Tecno-Mobile Tecno/H622/Tecno-Id5B:8.1.0/O11019/G-180829V31:User/Release-Keys Firmware
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11).
local
low complexity
tecno-mobile CWE-78
7.8
7.8
2019-11-14 CVE-2019-15348 OS Command Injection vulnerability in Tecno-Mobile Tecno/H612/Tecno-Id5A:8.1.0/O11019/F-180828V106:User/Release-Keys Firmware
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11).
local
low complexity
tecno-mobile CWE-78
7.8
7.8
2019-11-14 CVE-2019-15347 OS Command Injection vulnerability in Tecno-Mobile Camon Iclick 2 Firmware
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11).
local
low complexity
tecno-mobile CWE-78
7.8
7.8
2019-11-14 CVE-2019-15343 OS Command Injection vulnerability in Tecno-Mobile Camon Iclick Firmware
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8).
local
low complexity
tecno-mobile CWE-78
7.8
7.8
2019-11-14 CVE-2019-15342 OS Command Injection vulnerability in Tecno-Mobile Camon Iair 2+ Firmware
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11).
local
low complexity
tecno-mobile CWE-78
7.8
7.8