Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
| --- | --- | --- | --- | --- | --- |
| 2017-11-17 | CVE-2017-1000220 | OS Command Injection vulnerability in Pidusage Project Pidusage | soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution | pidusage-project, CWE-78 | network, low complexity, critical, 9.8 |
| 2017-11-17 | CVE-2017-1000219 | OS Command Injection vulnerability in Windows-Cpu Project Windows-Cpu 0.1.1/0.1.2 | npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user | windows-cpu-project, CWE-78 | network, low complexity, critical, 9.8 |
| 2017-11-16 | CVE-2017-12305 | OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware | A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. | cisco, CWE-78 | local, low complexity, 6.7 |
| 2017-11-14 | CVE-2017-12636 | OS Command Injection vulnerability in Apache Couchdb | CouchDB administrative users can configure the database server via HTTP(S). | apache, CWE-78 | network, low complexity, 7.2 |
| 2017-11-13 | CVE-2017-1453 | OS Command Injection vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0 | IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | ibm, CWE-78 | network, low complexity, 8.8 |
| 2017-11-08 | CVE-2017-16667 | OS Command Injection vulnerability in Backintime Project Backintime | backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. | backintime-project, CWE-78 | local, low complexity, 7.8 |
| 2017-11-07 | CVE-2017-16641 | OS Command Injection vulnerability in Cacti 1.1.27 | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | cacti, CWE-78 | network, low complexity, 7.2 |
| 2017-11-07 | CVE-2017-2917 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 | An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. | meetcircle, CWE-78 | network, low complexity, 8.8 |
| 2017-11-07 | CVE-2017-2890 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. | meetcircle, CWE-78 | network, low complexity, 8.8 |
| 2017-11-07 | CVE-2017-2866 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 | An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. | meetcircle, CWE-78 | network, low complexity, 8.8 |