Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2017-10832 | OS Command Injection vulnerability in Nippon-Antenna Scr02Hd Firmware 1.0.3.1000 "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2017-08-28 | CVE-2016-0634 | OS Command Injection vulnerability in GNU Bash 4.3 The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | 7.5 |
| 2017-08-21 | CVE-2017-11366 | OS Command Injection vulnerability in Codiad components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | 9.8 |
| 2017-08-18 | CVE-2017-10811 | OS Command Injection vulnerability in Buffalo Wcr-1166Ds Firmware 1.30 Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | 6.8 |
| 2017-08-17 | CVE-2017-6710 | OS Command Injection vulnerability in Cisco Virtual Network Function Element Manager 5.0.3/5.1.3 A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. | 8.1 |
| 2017-08-14 | CVE-2017-11150 | OS Command Injection vulnerability in Synology Office 2.2.01502/2.2.11506 Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | 7.8 |
| 2017-08-06 | CVE-2017-12581 | OS Command Injection vulnerability in Electron GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. | 8.1 |
| 2017-08-02 | CVE-2017-2281 | OS Command Injection vulnerability in Iodata Wn-Ax1167Gr Firmware 3.00 WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 8.8 |
| 2017-08-02 | CVE-2016-7844 | OS Command Injection vulnerability in Gigaccsecure Gigacc Office 2.3 GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template. | 5.5 |
| 2017-08-01 | CVE-2017-11381 | OS Command Injection vulnerability in Trendmicro Deep Discovery Director 1.1 A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | 9.8 |