Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-24 | CVE-2019-3595 | OS Command Injection vulnerability in Mcafee Data Loss Prevention Endpoint Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. | 6.5 |
| 2019-07-24 | CVE-2019-1010179 | OS Command Injection vulnerability in Phkp Project Phkp PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). | 9.8 |
| 2019-07-23 | CVE-2019-1010200 | OS Command Injection vulnerability in Google Voice Builder Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). | 9.8 |
| 2019-07-22 | CVE-2019-12328 | OS Command Injection vulnerability in Atcom A10W Firmware 2.6.1A2421 A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | 8.8 |
| 2019-07-22 | CVE-2019-12324 | OS Command Injection vulnerability in Akuvox Sp-R50P Firmware 50.0.6.156 A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | 7.2 |
| 2019-07-19 | CVE-2019-12725 | OS Command Injection vulnerability in Zeroshell 3.9.0 Zeroshell 3.9.0 is prone to a remote command execution vulnerability. | 9.8 |
| 2019-07-19 | CVE-2019-1010245 | OS Command Injection vulnerability in Linuxfoundation Open Network Operating System The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. | 9.8 |
| 2019-07-17 | CVE-2019-13640 | OS Command Injection vulnerability in Qbittorrent In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed. | 9.8 |
| 2019-07-16 | CVE-2019-12992 | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | 8.8 |
| 2019-07-16 | CVE-2019-12991 | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | 8.8 |