Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-24 | CVE-2018-12237 | OS Command Injection vulnerability in Symantec Reporter The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. | 7.2 |
| 2019-01-24 | CVE-2019-1652 | OS Command Injection vulnerability in Cisco Rv320 Firmware and Rv325 Firmware A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. | 7.2 |
| 2019-01-24 | CVE-2019-1650 | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. | 8.8 |
| 2019-01-24 | CVE-2018-17707 | OS Command Injection vulnerability in Epicgames Launcher This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. | 8.8 |
| 2019-01-23 | CVE-2019-1636 | OS Command Injection vulnerability in Cisco Webex Teams 3.0.4533 A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. | 7.8 |
| 2019-01-22 | CVE-2018-6444 | OS Command Injection vulnerability in multiple products A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. | 9.8 |
| 2019-01-18 | CVE-2019-6487 | OS Command Injection vulnerability in Tp-Link products TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field. | 8.8 |
| 2019-01-17 | CVE-2018-20727 | OS Command Injection vulnerability in Nedi Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php. | 8.8 |
| 2019-01-09 | CVE-2018-16200 | OS Command Injection vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. | 8.8 |
| 2019-01-09 | CVE-2018-16195 | OS Command Injection vulnerability in NEC Aterm Wf1200Cr Firmware and Aterm Wg1200Cr Firmware Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. | 8.8 |