Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-07-02 CVE-2019-13155 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13154 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13153 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13151 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13149 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-01 CVE-2019-7670 OS Command Injection vulnerability in Primasystems Flexair 2.3.38
Prima Systems FlexAir, Versions 2.3.38 and prior.
network
low complexity
primasystems CWE-78
7.2
7.2
2019-07-01 CVE-2019-13128 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03.
network
low complexity
dlink CWE-78
8.8
8.8
2019-06-30 CVE-2019-11829 OS Command Injection vulnerability in Synology Calendar
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
network
low complexity
synology CWE-78
critical
 9.8
9.8
2019-06-28 CVE-2019-12997 OS Command Injection vulnerability in Icon Loopchain
In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable).
network
low complexity
icon CWE-78
8.8
8.8
2019-06-27 CVE-2019-3631 OS Command Injection vulnerability in Mcafee Enterprise Security Manager
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
network
low complexity
mcafee CWE-78
7.2
7.2