Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-19 | CVE-2024-42633 | OS Command Injection vulnerability in Linksys E1500 Firmware 1.0.06.001 A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. | 8.8 |
| 2024-08-14 | CVE-2024-39401 | OS Command Injection vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. | 8.4 |
| 2024-08-14 | CVE-2024-39402 | OS Command Injection vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. | 8.4 |
| 2024-08-13 | CVE-2022-27486 | OS Command Injection vulnerability in Fortinet Fortiddos and Fortiddos-F A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands. | 7.8 |
| 2024-08-13 | CVE-2024-42737 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. | 8.8 |
| 2024-08-13 | CVE-2024-42738 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. | 8.8 |
| 2024-08-13 | CVE-2024-42739 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. | 8.8 |
| 2024-08-12 | CVE-2024-42741 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. | 8.8 |
| 2024-08-12 | CVE-2024-42742 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. | 8.8 |
| 2024-08-12 | CVE-2024-42743 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113 In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . | 8.8 |