Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-26 | CVE-2017-7341 | OS Command Injection vulnerability in Fortinet Fortiwlc An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. | 7.2 |
| 2017-10-17 | CVE-2017-3761 | OS Command Injection vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. | 9.8 |
| 2017-10-13 | CVE-2017-6224 | OS Command Injection vulnerability in Ruckuswireless Unleashed Firmware and Zonedirector Firmware Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. | 8.8 |
| 2017-10-13 | CVE-2017-6223 | OS Command Injection vulnerability in Ruckus Zonedirector Firmware Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system. | 8.8 |
| 2017-10-10 | CVE-2017-15226 | OS Command Injection vulnerability in Zyxel Nbg6716 Firmware 1.00(Aakg.9)C0 Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | 9.8 |
| 2017-10-05 | CVE-2017-1000116 | OS Command Injection vulnerability in multiple products Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | 9.8 |
| 2017-10-03 | CVE-2017-11322 | OS Command Injection vulnerability in Ucopia Wireless Appliance The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | 8.2 |
| 2017-10-03 | CVE-2017-11321 | OS Command Injection vulnerability in Ucopia Wireless Appliance 5.1.7 The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | 7.2 |
| 2017-09-29 | CVE-2017-14867 | OS Command Injection vulnerability in multiple products Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. | 8.8 |
| 2017-09-26 | CVE-2017-14001 | OS Command Injection vulnerability in Digium Asterisk GUI 2.1.0 An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. | 8.8 |