Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-07-19 CVE-2019-1010245 OS Command Injection vulnerability in Linuxfoundation Open Network Operating System
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation.
network
low complexity
linuxfoundation CWE-78
critical
9.8
2019-07-17 CVE-2019-13640 OS Command Injection vulnerability in Qbittorrent
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.
network
low complexity
qbittorrent CWE-78
critical
9.8
2019-07-16 CVE-2019-12992 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
network
low complexity
citrix CWE-78
8.8
2019-07-16 CVE-2019-12991 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
network
low complexity
citrix CWE-78
8.8
2019-07-16 CVE-2019-12988 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
network
low complexity
citrix CWE-78
critical
9.8
2019-07-16 CVE-2019-12987 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
network
low complexity
citrix CWE-78
critical
9.8
2019-07-16 CVE-2019-12986 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
network
low complexity
citrix CWE-78
critical
9.8
2019-07-16 CVE-2019-12985 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
network
low complexity
citrix CWE-78
critical
9.8
2019-07-16 CVE-2019-1576 OS Command Injection vulnerability in Paloaltonetworks Pan-Os 9.0.0/9.0.1/9.0.2
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions.
network
low complexity
paloaltonetworks CWE-78
8.8
2019-07-14 CVE-2019-13598 OS Command Injection vulnerability in Getvera Vera Edge Firmware 1.7.4452
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.
network
low complexity
getvera CWE-78
critical
9.8