Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-07 | CVE-2018-4010 | OS Command Injection vulnerability in Protonvpn 1.5.1 An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. | 7.8 |
| 2018-09-07 | CVE-2018-3952 | OS Command Injection vulnerability in Nordvpn 6.14.28.0 An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. | 8.8 |
| 2018-09-07 | CVE-2018-0643 | OS Command Injection vulnerability in multiple products Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 6.6 |
| 2018-09-06 | CVE-2018-15726 | OS Command Injection vulnerability in Pulsesecure Pulse Secure Desktop Client The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | 5.3 |
| 2018-09-06 | CVE-2018-1000666 | OS Command Injection vulnerability in multiple products GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. | 9.8 |
| 2018-09-05 | CVE-2018-16146 | OS Command Injection vulnerability in Opsview 5.4.0/5.4.1 The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. | 7.2 |
| 2018-09-05 | CVE-2018-16144 | OS Command Injection vulnerability in Opsview The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. | 9.8 |
| 2018-09-03 | CVE-2018-16408 | OS Command Injection vulnerability in D-Link Dir-846 Firmware 100.26 D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. | 7.2 |
| 2018-09-02 | CVE-2018-16334 | OS Command Injection vulnerability in Tendacn Ac10 Firmware and AC9 Firmware An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. | 8.8 |
| 2018-08-30 | CVE-2018-15477 | OS Command Injection vulnerability in Mystrom Wifi Switch Firmware 2.31 myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. | 9.8 |