Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2018-14495 OS Command Injection vulnerability in Vivotek Fd8136 Firmware 0301A
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494.
network | low complexity | vivotek | CWE-78 | critical | 9.8
2019-07-10 CVE-2018-14494 OS Command Injection vulnerability in Vivotek Fd8136 Firmware 0301A
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget.
network | low complexity | vivotek | CWE-78 | critical | 9.8
2019-07-08 CVE-2019-13398 OS Command Injection vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.
network | low complexity | fortinet | CWE-78 | 7.2
2019-07-06 CVE-2019-1893 OS Command Injection vulnerability in Cisco Enterprise NFV Infrastructure Software 3.9.1
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root.
local | low complexity | cisco | CWE-78 | 7.8
2019-07-03 CVE-2018-14860 OS Command Injection vulnerability in Odoo
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system.
network | low complexity | odoo | CWE-78 | critical | 9.1
2019-07-03 CVE-2018-11215 OS Command Injection vulnerability in Cloudera Data Science Workbench
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
network | low complexity | cloudera | CWE-78 | critical | 9.8
2019-07-02 CVE-2019-6621 OS Command Injection vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user.
network | low complexity | f5 | CWE-78 | 7.2
2019-07-02 CVE-2019-6620 OS Command Injection vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection for an Administrator user.
network | low complexity | f5 | CWE-78 | 7.2
2019-07-02 CVE-2019-7256 OS Command Injection vulnerability in Nortekcontrol products
Linear eMerge E3-Series devices allow Command Injections.
network | low complexity | nortekcontrol | CWE-78 | critical | 9.8
2019-07-02 CVE-2019-7269 OS Command Injection vulnerability in Nortekcontrol products
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
network | low complexity | nortekcontrol | CWE-78 | critical | 9.8