Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-12 | CVE-2019-10880 | OS Command Injection vulnerability in Xerox products Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). | 9.8 |
| 2019-04-11 | CVE-2019-3914 | OS Command Injection vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. | 7.2 |
| 2019-04-10 | CVE-2019-5425 | OS Command Injection vulnerability in UI Edgeswitch X 1.1.0 In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root. | 8.8 |
| 2019-04-10 | CVE-2019-5424 | OS Command Injection vulnerability in UI Edgeswitch X 1.1.0 In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. | 8.8 |
| 2019-04-09 | CVE-2019-10631 | OS Command Injection vulnerability in Zyxel Nas326 Firmware 5.21 Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | 8.8 |
| 2019-04-08 | CVE-2019-11001 | OS Command Injection vulnerability in Reolink products On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | 7.2 |
| 2019-04-05 | CVE-2019-6552 | OS Command Injection vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 9.8 |
| 2019-04-01 | CVE-2019-9193 | OS Command Injection vulnerability in Postgresql In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. | 7.2 |
| 2019-04-01 | CVE-2018-17990 | OS Command Injection vulnerability in Dlink Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. | 8.8 |
| 2019-04-01 | CVE-2018-17565 | OS Command Injection vulnerability in Grandstream products Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | 9.8 |