Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-01 | CVE-2018-3910 | OS Command Injection vulnerability in Yitechnology YI Home and YI Home Camera Firmware An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. | 8.0 |
| 2018-10-30 | CVE-2018-16462 | OS Command Injection vulnerability in Apex-Publish-Static-Files Project Apex-Publish-Static-Files A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. | 10.0 |
| 2018-10-30 | CVE-2018-16461 | OS Command Injection vulnerability in Libnmap Project Libnmap A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. | 9.8 |
| 2018-10-30 | CVE-2018-14558 | OS Command Injection vulnerability in Tenda Ac10 Firmware, AC7 Firmware and AC9 Firmware An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). | 9.8 |
| 2018-10-29 | CVE-2018-18728 | OS Command Injection vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. | 9.8 |
| 2018-10-24 | CVE-2018-18638 | OS Command Injection vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. | 8.1 |
| 2018-10-24 | CVE-2018-15442 | OS Command Injection vulnerability in Cisco Webex Meetings Desktop and Webex Productivity Tools A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. | 7.8 |
| 2018-10-19 | CVE-2018-12670 | OS Command Injection vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. | 9.8 |
| 2018-10-17 | CVE-2018-16232 | OS Command Injection vulnerability in Ipfire An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. | 8.8 |
| 2018-10-17 | CVE-2018-10823 | OS Command Injection vulnerability in Dlink products An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. | 8.8 |