Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-20 | CVE-2018-19239 | OS Command Injection vulnerability in Trendnet Tew-673Gru Firmware 1.00B40 TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. | 7.2 |
| 2018-12-20 | CVE-2018-15722 | OS Command Injection vulnerability in Logitech Harmony HUB Firmware The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. | 8.1 |
| 2018-12-20 | CVE-2018-1000885 | OS Command Injection vulnerability in Phkp Project Phkp PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. | 9.8 |
| 2018-12-17 | CVE-2018-18555 | OS Command Injection vulnerability in Vyos 1.1.8 A sandbox escape issue was discovered in VyOS 1.1.8. | 9.9 |
| 2018-12-14 | CVE-2018-19007 | OS Command Injection vulnerability in Geutebrueck products In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. | 9.8 |
| 2018-12-11 | CVE-2018-20057 | OS Command Injection vulnerability in D-Link Dir-605L Firmware and Dir-619L Firmware An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. | 8.8 |
| 2018-12-06 | CVE-2018-19660 | OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11 An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. | 8.8 |
| 2018-12-06 | CVE-2018-19659 | OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11 An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. | 8.8 |
| 2018-12-06 | CVE-2018-19908 | OS Command Injection vulnerability in Misp An issue was discovered in MISP 2.4.9x before 2.4.99. | 8.8 |
| 2018-12-06 | CVE-2018-19907 | OS Command Injection vulnerability in Craftercms Crafter CMS A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. | 8.8 |