Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-18 | CVE-2019-1829 | OS Command Injection vulnerability in Cisco Aironet Access Point Firmware A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. | 6.7 |
| 2019-04-18 | CVE-2019-1725 | OS Command Injection vulnerability in Cisco Unified Computing System A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. | 5.5 |
| 2019-04-15 | CVE-2019-4202 | OS Command Injection vulnerability in IBM API Connect IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. | 10.0 |
| 2019-04-15 | CVE-2019-0232 | OS Command Injection vulnerability in Apache Tomcat When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. | 8.1 |
| 2019-04-12 | CVE-2019-10880 | OS Command Injection vulnerability in Xerox products Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). | 9.8 |
| 2019-04-11 | CVE-2019-3914 | OS Command Injection vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. | 7.2 |
| 2019-04-10 | CVE-2019-5425 | OS Command Injection vulnerability in UI Edgeswitch X 1.1.0 In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root. | 8.8 |
| 2019-04-10 | CVE-2019-5424 | OS Command Injection vulnerability in UI Edgeswitch X 1.1.0 In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. | 8.8 |
| 2019-04-09 | CVE-2019-10631 | OS Command Injection vulnerability in Zyxel Nas326 Firmware 5.21 Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests. | 8.8 |
| 2019-04-08 | CVE-2019-11001 | OS Command Injection vulnerability in Reolink products On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | 7.2 |