Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-18 | CVE-2018-0348 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
| 2018-07-17 | CVE-2018-14357 | OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 9.8 |
| 2018-07-17 | CVE-2018-14354 | OS Command Injection vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 9.8 |
| 2018-07-17 | CVE-2018-0710 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 8.8 |
| 2018-07-17 | CVE-2018-0709 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 8.8 |
| 2018-07-17 | CVE-2018-0708 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 8.8 |
| 2018-07-17 | CVE-2018-0707 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 7.2 |
| 2018-07-16 | CVE-2018-0341 | OS Command Injection vulnerability in Cisco IP Phone Multiplatform Firmware 11.1(2) A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. | 8.8 |
| 2018-07-15 | CVE-2018-14060 | OS Command Injection vulnerability in MI Xiaomi R3D Firmware OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | 9.8 |
| 2018-07-15 | CVE-2018-14010 | OS Command Injection vulnerability in MI products OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | 9.8 |