Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-05-06 CVE-2018-4061 OS Command Injection vulnerability in Sierra Wireless AirLink ES450 Firmware 4.9.3
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-78
8.8
2019-05-03 CVE-2019-1709 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-78
7.8
2019-05-03 CVE-2019-1699 OS Command Injection vulnerability in Cisco Firepower Management Center
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-78
7.8
2019-05-02 CVE-2017-18372 OS Command Injection vulnerability in multiple products
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user.
network
low complexity
billion zyxel CWE-78
8.8
2019-05-02 CVE-2017-18370 OS Command Injection vulnerability in multiple products
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user.
network
low complexity
billion zyxel CWE-78
8.8
2019-05-02 CVE-2017-18369 OS Command Injection vulnerability in Billion 5200W-T Firmware 1.02B
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user.
network
low complexity
billion CWE-78
critical
9.8
2019-05-02 CVE-2017-18368 OS Command Injection vulnerability in multiple products
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user.
network
low complexity
billion zyxel CWE-78
critical
9.8
2019-04-30 CVE-2019-11627 OS Command Injection vulnerability in multiple products
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
network
low complexity
signing-party-project debian opensuse CWE-78
critical
9.8
2019-04-30 CVE-2019-3929 OS Command Injection vulnerability in multiple products
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint.
network
low complexity
crestron barco extron teqavit sharp optoma blackbox infocus CWE-78
critical
9.8
2019-04-30 CVE-2019-3926 OS Command Injection vulnerability in Crestron AM-100 Firmware and AM-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1.
network
low complexity
crestron CWE-78
critical
9.8