Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-25 | CVE-2024-41473 | OS Command Injection vulnerability in Tendacn Fh1201 Firmware 1.2.0.14 Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac | 9.8 |
| 2024-07-24 | CVE-2024-41136 | OS Command Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. | 8.8 |
| 2024-07-24 | CVE-2024-31977 | OS Command Injection vulnerability in Adtran 834-5 Firmware and SDG Smartos Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. | 8.8 |
| 2024-07-24 | CVE-2024-39345 | OS Command Injection vulnerability in Adtran SDG Smartos AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. | 7.2 |
| 2024-07-22 | CVE-2024-39685 | OS Command Injection vulnerability in Fish.Audio Bert-Vits2 Bert-VITS2 is the VITS2 Backbone with multilingual bert. | 9.8 |
| 2024-07-22 | CVE-2024-39686 | OS Command Injection vulnerability in Fishaudio Bert-Vits2 Bert-VITS2 is the VITS2 Backbone with multilingual bert. | 9.8 |
| 2024-07-19 | CVE-2024-37066 | OS Command Injection vulnerability in Wyze CAM V4 Firmware A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. | 8.8 |
| 2024-07-17 | CVE-2024-36475 | OS Command Injection vulnerability in Centurysys products FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. | 8.8 |
| 2024-07-17 | CVE-2024-36491 | OS Command Injection vulnerability in Centurysys products FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. | 9.8 |
| 2024-07-04 | CVE-2024-39943 | OS Command Injection vulnerability in Rejetto Http File Server rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). | 8.8 |