Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-13 | CVE-2019-5029 | OS Command Injection vulnerability in Exhibitor Project Exhibitor An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. | 9.8 |
| 2019-11-13 | CVE-2019-18839 | OS Command Injection vulnerability in Fudforum 3.0.9 FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. | 9.0 |
| 2019-11-12 | CVE-2019-18873 | OS Command Injection vulnerability in Fudforum 3.0.9 FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. | 9.0 |
| 2019-11-06 | CVE-2019-8159 | OS Command Injection vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 8.8 |
| 2019-11-01 | CVE-2019-15588 | OS Command Injection vulnerability in Sonatype Nexus Repository Manager There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). | 7.2 |
| 2019-10-31 | CVE-2019-18396 | OS Command Injection vulnerability in Technicolor Td5130V2 Firmware Oifwv20 An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. | 7.2 |
| 2019-10-31 | CVE-2019-15710 | OS Command Injection vulnerability in Fortiguard Fortiextender Firmware 4.1.1 An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. | 7.2 |
| 2019-10-31 | CVE-2013-2024 | OS Command Injection vulnerability in multiple products OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. | 8.8 |
| 2019-10-31 | CVE-2019-18424 | OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. | 6.8 |
| 2019-10-28 | CVE-2019-14931 | OS Command Injection vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 9.8 |