Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-14 | CVE-2019-15027 | OS Command Injection vulnerability in Mediatek Mt6577 Firmware, Mt6625 Firmware and Mt8163 Firmware The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. | 9.8 |
| 2019-08-08 | CVE-2019-1960 | OS Command Injection vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. | 4.4 |
| 2019-08-08 | CVE-2019-1959 | OS Command Injection vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. | 4.4 |
| 2019-08-07 | CVE-2019-14744 | OS Command Injection vulnerability in multiple products In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. | 7.8 |
| 2019-08-06 | CVE-2019-14699 | OS Command Injection vulnerability in Microdigital products An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. | 9.8 |
| 2019-08-01 | CVE-2019-14260 | OS Command Injection vulnerability in Al-Enterprise 8008 Firmware 1.50.13 On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 8.0 |
| 2019-08-01 | CVE-2019-14259 | OS Command Injection vulnerability in Polycom Obihai Obi1022 Firmware 5.1.11 On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. | 8.0 |
| 2019-08-01 | CVE-2019-14337 | OS Command Injection vulnerability in Dlink 6600-Ap Firmware and Dwl-3600Ap Firmware An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. | 5.5 |
| 2019-07-29 | CVE-2019-1020004 | OS Command Injection vulnerability in Tridactyl Project Tridactyl 1.14.10/1.15.0 Tridactyl before 1.16.0 allows fake key events. | 7.5 |
| 2019-07-26 | CVE-2019-13638 | OS Command Injection vulnerability in multiple products GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. | 7.8 |