Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-15 | CVE-2019-11224 | OS Command Injection vulnerability in Harman AMX Mvp5150 Firmware 2.87.13 HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. | 8.8 |
| 2019-05-15 | CVE-2019-1727 | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. | 6.7 |
| 2019-05-15 | CVE-2019-1726 | OS Command Injection vulnerability in Cisco Nx-Os A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. | 7.8 |
| 2019-05-15 | CVE-2013-7285 | OS Command Injection vulnerability in Xstream Project Xstream Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. | 9.8 |
| 2019-05-15 | CVE-2019-3727 | OS Command Injection vulnerability in Dell products Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. | 6.7 |
| 2019-05-15 | CVE-2019-3725 | OS Command Injection vulnerability in RSA Netwitness and Security Analytics RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. | 9.8 |
| 2019-05-14 | CVE-2018-14839 | OS Command Injection vulnerability in LG N1A1 Firmware 3718.510 LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. | 9.8 |
| 2019-05-13 | CVE-2019-3702 | OS Command Injection vulnerability in Lifesize products A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request. | 8.8 |
| 2019-05-13 | CVE-2018-19990 | OS Command Injection vulnerability in D-Link Dir-822 Firmware 202Krb06 In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. | 9.8 |
| 2019-05-13 | CVE-2018-19989 | OS Command Injection vulnerability in multiple products In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. | 9.8 |