Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-20 | CVE-2019-4294 | OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. | 7.8 |
| 2019-08-20 | CVE-2019-3968 | OS Command Injection vulnerability in Open-Emr Openemr In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form. | 8.8 |
| 2019-08-16 | CVE-2019-5477 | OS Command Injection vulnerability in multiple products A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. | 9.8 |
| 2019-08-16 | CVE-2019-14923 | OS Command Injection vulnerability in Eyesofnetwork 5.10 EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. | 8.8 |
| 2019-08-16 | CVE-2018-20969 | OS Command Injection vulnerability in GNU Patch do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. | 7.8 |
| 2019-08-16 | CVE-2019-15107 | OS Command Injection vulnerability in Webmin An issue was discovered in Webmin <=1.920. | 9.8 |
| 2019-08-15 | CVE-2019-12792 | OS Command Injection vulnerability in Vestacp Control Panel 0.9.824 A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. | 8.8 |
| 2019-08-15 | CVE-2019-3417 | OS Command Injection vulnerability in ZTE Zxhn F670 Firmware 1.1.10P3T18 All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. | 8.8 |
| 2019-08-14 | CVE-2019-14527 | OS Command Injection vulnerability in Netgear Mr1100 Firmware 12.05.05.00 An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. | 9.8 |
| 2019-08-14 | CVE-2019-12103 | OS Command Injection vulnerability in Tp-Link M7350 Firmware 1.0.16/151021/160330 The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability. | 9.8 |