Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-16 | CVE-2019-12988 | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). | 9.8 |
| 2019-07-16 | CVE-2019-12987 | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). | 9.8 |
| 2019-07-16 | CVE-2019-12986 | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). | 9.8 |
| 2019-07-16 | CVE-2019-12985 | OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). | 9.8 |
| 2019-07-16 | CVE-2019-1576 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os 9.0.0/9.0.1 Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | 8.8 |
| 2019-07-14 | CVE-2019-13598 | OS Command Injection vulnerability in Getvera Vera Edge Firmware 1.7.4452 LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped. | 9.8 |
| 2019-07-14 | CVE-2019-13597 | OS Command Injection vulnerability in Sahipro Sahi PRO 8.0.0 _s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. | 9.8 |
| 2019-07-12 | CVE-2019-13567 | OS Command Injection vulnerability in Zoom The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. | 8.8 |
| 2019-07-12 | CVE-2019-13574 | OS Command Injection vulnerability in multiple products In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. | 7.8 |
| 2019-07-11 | CVE-2019-12579 | OS Command Injection vulnerability in Londontrustmedia Private Internet Access VPN Client 82 A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. | 7.8 |