Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-20 | CVE-2019-6962 | OS Command Injection vulnerability in Rdkcentral Rdkb Ccsppandm Rdkb201812171 A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. | 7.5 |
| 2019-06-20 | CVE-2019-1879 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
| 2019-06-20 | CVE-2019-1878 | OS Command Injection vulnerability in Cisco Telepresence CE and Telepresence TC A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. | 8.8 |
| 2019-06-20 | CVE-2019-1623 | OS Command Injection vulnerability in Cisco Meeting Server A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. | 6.7 |
| 2019-06-19 | CVE-2018-16593 | OS Command Injection vulnerability in Sony products The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection. | 8.8 |
| 2019-06-19 | CVE-2018-16618 | OS Command Injection vulnerability in Vtech Storio MAX Firmware VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. | 9.8 |
| 2019-06-19 | CVE-2018-18472 | OS Command Injection vulnerability in Westerndigital MY Book Live Firmware Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. | 9.8 |
| 2019-06-18 | CVE-2018-18852 | OS Command Injection vulnerability in Cerio Dt-300N Firmware 1.1.12/1.1.6 Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018. | 8.8 |
| 2019-06-17 | CVE-2019-11410 | OS Command Injection vulnerability in Fusionpbx 4.4.3 app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host. | 7.2 |
| 2019-06-17 | CVE-2019-11409 | OS Command Injection vulnerability in Fusionpbx 4.4.3 app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. | 8.8 |