Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-06 | CVE-2024-44845 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6 DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. | 8.8 |
| 2024-09-06 | CVE-2023-34974 | OS Command Injection vulnerability in Qnap QTS and Quts Hero An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 8.8 |
| 2024-09-06 | CVE-2023-34979 | OS Command Injection vulnerability in Qnap QTS and Quts Hero An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 7.2 |
| 2024-09-06 | CVE-2023-39300 | OS Command Injection vulnerability in Qnap QTS An OS command injection vulnerability has been reported to affect legacy QTS. | 7.2 |
| 2024-09-06 | CVE-2024-21898 | OS Command Injection vulnerability in Qnap QTS and Quts Hero An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 8.8 |
| 2024-09-06 | CVE-2024-21906 | OS Command Injection vulnerability in Qnap QTS and Quts Hero An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 4.7 |
| 2024-09-04 | CVE-2024-20469 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2/3.3 A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2024-09-04 | CVE-2024-43405 | OS Command Injection vulnerability in Projectdiscovery Nuclei Nuclei is a vulnerability scanner powered by YAML based templates. | 7.8 |
| 2024-09-03 | CVE-2024-7261 | OS Command Injection vulnerability in Zyxel products The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. | 9.8 |
| 2024-09-03 | CVE-2024-42057 | OS Command Injection vulnerability in Zyxel ZLD A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. | 8.1 |