Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-11-07 | CVE-2017-2917 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 | 8.8
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1.
network, low complexity; meetcircle; CWE-78

2017-11-07 | CVE-2017-2890 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 | 8.8
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1.
network, low complexity; meetcircle; CWE-78

2017-11-07 | CVE-2017-2866 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 | 8.8
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney.
network, low complexity; meetcircle; CWE-78

2017-11-02 | CVE-2017-12243 | OS Command Injection vulnerability in Cisco products | 7.8
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection.
local, low complexity; cisco; CWE-78

2017-10-30 | CVE-2017-9377 | OS Command Injection vulnerability in Barco products | 8.8
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10.
network, low complexity; barco; CWE-78

2017-10-27 | CVE-2017-15924 | OS Command Injection vulnerability in multiple products | 7.8
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
local, low complexity; shadowsocks, debian; CWE-78

2017-10-26 | CVE-2017-7341 | OS Command Injection vulnerability in Fortinet Fortiwlc | 7.2
An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.
network, low complexity; fortinet; CWE-78

2017-10-17 | CVE-2017-3761 | OS Command Injection vulnerability in Lenovo Service Framework | critical, 9.8
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input.
network, low complexity; lenovo; CWE-78

2017-10-13 | CVE-2017-6224 | OS Command Injection vulnerability in Ruckuswireless Unleashed Firmware and Zonedirector Firmware | 8.8
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x.
network, low complexity; ruckuswireless; CWE-78

2017-10-13 | CVE-2017-6223 | OS Command Injection vulnerability in Ruckus Zonedirector Firmware | 8.8
Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.
network, low complexity; ruckus; CWE-78