Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-25 | CVE-2024-4639 | Command Injection vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. | 8.8 |
| 2024-06-25 | CVE-2024-4638 | Command Injection vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. | 8.8 |
| 2024-06-09 | CVE-2024-37569 | Command Injection vulnerability in Mitel 6869I SIP Firmware An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. | 8.8 |
| 2024-06-09 | CVE-2024-37570 | Command Injection vulnerability in Mitel 6869I SIP Firmware 4.5.0.41 On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. | 8.8 |
| 2024-06-06 | CVE-2024-30368 | Command Injection vulnerability in A10Networks Advanced Core Operating System A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. | 8.8 |
| 2024-06-04 | CVE-2024-36604 | Command Injection vulnerability in Tenda O3 Firmware 1.0.0.12(3880) Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. | 9.8 |
| 2024-05-15 | CVE-2023-6321 | Command Injection vulnerability in multiple products A command injection vulnerability exists in the IOCTL that manages OTA updates. | 8.8 |
| 2024-05-14 | CVE-2024-34352 | Command Injection vulnerability in Fit2Cloud 1Panel 1Panel is an open source Linux server operation and maintenance management panel. | 7.5 |
| 2024-04-26 | CVE-2024-0740 | Command Injection vulnerability in Eclipse Target Management Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. | 9.8 |
| 2024-04-12 | CVE-2024-3400 | Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 10.0 |