Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-20 | CVE-2019-1878 | OS Command Injection vulnerability in Cisco Telepresence CE and Telepresence TC A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. | 8.8 |
| 2019-06-20 | CVE-2019-1623 | OS Command Injection vulnerability in Cisco Meeting Server A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. | 6.7 |
| 2019-06-19 | CVE-2018-16593 | OS Command Injection vulnerability in Sony products The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection. | 8.8 |
| 2019-06-19 | CVE-2018-16618 | OS Command Injection vulnerability in Vtech Storio MAX Firmware VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. | 9.8 |
| 2019-06-19 | CVE-2018-18472 | OS Command Injection vulnerability in Westerndigital MY Book Live Firmware Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. | 9.8 |
| 2019-06-18 | CVE-2018-18852 | OS Command Injection vulnerability in Cerio Dt-300N Firmware 1.1.12/1.1.6 Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018. | 8.8 |
| 2019-06-17 | CVE-2019-11410 | OS Command Injection vulnerability in Fusionpbx 4.4.3 app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host. | 7.2 |
| 2019-06-17 | CVE-2019-11409 | OS Command Injection vulnerability in Fusionpbx 4.4.3 app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. | 8.8 |
| 2019-06-17 | CVE-2019-12181 | OS Command Injection vulnerability in Solarwinds Serv-U FTP Server and Serv-U MFT Server A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | 8.8 |
| 2019-06-15 | CVE-2019-12840 | OS Command Injection vulnerability in Webmin In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | 8.8 |