Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-24 | CVE-2024-31977 | OS Command Injection vulnerability in Adtran 834-5 Firmware and SDG Smartos: Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. | 8.8 |
2024-07-24 | CVE-2024-39345 | OS Command Injection vulnerability in Adtran SDG Smartos: AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. | 7.2 |
2024-07-22 | CVE-2024-39685 | OS Command Injection vulnerability in Fish.Audio Bert-Vits2: Bert-VITS2 is the VITS2 Backbone with multilingual bert. | 9.8 |
2024-07-22 | CVE-2024-39686 | OS Command Injection vulnerability in Fishaudio Bert-Vits2: Bert-VITS2 is the VITS2 Backbone with multilingual bert. | 9.8 |
2024-07-19 | CVE-2024-37066 | OS Command Injection vulnerability in Wyze CAM V4 Firmware: A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. | 8.8 |
2024-07-17 | CVE-2024-36475 | OS Command Injection vulnerability in Centurysys products: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. | 8.8 |
2024-07-17 | CVE-2024-36491 | OS Command Injection vulnerability in Centurysys products: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. | 9.8 |
2024-07-04 | CVE-2024-39943 | OS Command Injection vulnerability in Rejetto Http File Server: rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). | 8.8 |
2024-07-01 | CVE-2024-20399 | OS Command Injection vulnerability in Cisco Nx-Os: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. | 6.7 |
2024-06-24 | CVE-2024-4748 | OS Command Injection vulnerability in J11G Cruddiy: The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. | 7.8 |