Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-24 | CVE-2024-41136 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator. An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. | 8.8 |
2024-07-24 | CVE-2024-31977 | OS Command Injection vulnerability in Adtran 834-5 Firmware and SDG Smartos. Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. | 8.8 |
2024-07-24 | CVE-2024-39345 | OS Command Injection vulnerability in Adtran SDG Smartos. AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. | 7.2 |
2024-07-24 | CVE-2024-7066 | OS Command Injection vulnerability in F-Logic Datacube3 Firmware. A vulnerability was found in F-logic DataCube3 1.0. | 9.8 |
2024-07-22 | CVE-2024-39685 | OS Command Injection vulnerability in Fish.Audio Bert-Vits2. Bert-VITS2 is the VITS2 Backbone with multilingual bert. | 9.8 |
2024-07-22 | CVE-2024-39686 | OS Command Injection vulnerability in Fishaudio Bert-Vits2. Bert-VITS2 is the VITS2 Backbone with multilingual bert. | 9.8 |
2024-07-19 | CVE-2024-37066 | OS Command Injection vulnerability in Wyze CAM V4 Firmware. A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. | 8.8 |
2024-07-17 | CVE-2024-36475 | OS Command Injection vulnerability in Centurysys products. FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. | 8.8 |
2024-07-17 | CVE-2024-36491 | OS Command Injection vulnerability in Centurysys products. FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. | 9.8 |
2024-07-11 | CVE-2024-39520 | OS Command Injection vulnerability in Juniper Junos OS Evolved. An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users who execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All versions before 20.4R3-S6-EVO, * 21.2-EVO versions before 21.2R3-S4-EVO, * 21.4-EVO versions before 21.4R3-S6-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO. | 7.8 |