Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-14 | CVE-2017-12636 | OS Command Injection vulnerability in Apache Couchdb CouchDB administrative users can configure the database server via HTTP(S). | 7.2 |
| 2017-11-13 | CVE-2017-1453 | OS Command Injection vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0 IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2017-11-08 | CVE-2017-16667 | OS Command Injection vulnerability in Backintime Project Backintime backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. | 7.8 |
| 2017-11-07 | CVE-2017-16641 | OS Command Injection vulnerability in Cacti 1.1.27 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | 7.2 |
| 2017-11-07 | CVE-2017-2917 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. | 8.8 |
| 2017-11-07 | CVE-2017-2890 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. | 8.8 |
| 2017-11-07 | CVE-2017-2866 | OS Command Injection vulnerability in Meetcircle Circle With Disney Firmware 2.0.1 An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. | 8.8 |
| 2017-11-02 | CVE-2017-12243 | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. | 7.8 |
| 2017-10-30 | CVE-2017-9377 | OS Command Injection vulnerability in Barco products A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. | 8.8 |
| 2017-10-27 | CVE-2017-15924 | OS Command Injection vulnerability in multiple products In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | 7.8 |