Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-21880 OS Command Injection vulnerability in Enphase IQ Gateway Firmware
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x
network
low complexity
enphase CWE-78
7.2
2024-08-12 CVE-2024-42166 OS Command Injection vulnerability in Fiware Keyrock
The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly.
network
low complexity
fiware CWE-78
7.2
2024-08-12 CVE-2024-42167 OS Command Injection vulnerability in Fiware Keyrock
The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly.
network
low complexity
fiware CWE-78
7.2
2024-08-07 CVE-2024-7580 OS Command Injection vulnerability in Alientechnology Alr-F800 Firmware
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00.
network
low complexity
alientechnology CWE-78
critical
9.8
2024-08-07 CVE-2024-7579 OS Command Injection vulnerability in Alientechnology Alr-F800 Firmware
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00.
network
low complexity
alientechnology CWE-78
8.8
2024-08-06 CVE-2024-23483 OS Command Injection vulnerability in Zscaler Client Connector
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.
network
low complexity
zscaler CWE-78
critical
9.8
2024-08-06 CVE-2024-39228 OS Command Injection vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config.
network
low complexity
gl-inet CWE-78
critical
9.8
2024-08-05 CVE-2024-7469 OS Command Injection vulnerability in Raisecom products
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90.
network
low complexity
raisecom CWE-78
critical
9.8
2024-08-05 CVE-2024-7470 OS Command Injection vulnerability in Raisecom products
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90.
network
low complexity
raisecom CWE-78
critical
9.8
2024-08-05 CVE-2024-7467 OS Command Injection vulnerability in Raisecom products
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical.
network
low complexity
raisecom CWE-78
critical
9.8