Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-01-26 CVE-2023-38317 OS Command Injection vulnerability in Opennds
An issue was discovered in OpenNDS before 10.1.3.
network
low complexity
opennds CWE-78
critical
9.8
2024-01-26 CVE-2023-38318 OS Command Injection vulnerability in Opennds
An issue was discovered in OpenNDS before 10.1.3.
network
low complexity
opennds CWE-78
critical
9.8
2024-01-26 CVE-2023-38319 OS Command Injection vulnerability in Opennds
An issue was discovered in OpenNDS before 10.1.3.
network
low complexity
opennds CWE-78
critical
9.8
2024-01-26 CVE-2023-38323 OS Command Injection vulnerability in Opennds
An issue was discovered in OpenNDS before 10.1.3.
network
low complexity
opennds CWE-78
critical
9.8
2024-01-24 CVE-2024-22366 OS Command Injection vulnerability in Yamaha products
Active debug code exists in Yamaha wireless LAN access point devices.
low complexity
yamaha CWE-78
6.8
2024-01-24 CVE-2024-22372 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
low complexity
elecom CWE-78
6.8
2024-01-24 CVE-2023-31037 OS Command Injection vulnerability in Nvidia Bluefield BMC
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call.
network
low complexity
nvidia CWE-78
7.2
2024-01-23 CVE-2023-6926 OS Command Injection vulnerability in Crestron Am-300 Firmware 1.4499.00018
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.
local
low complexity
crestron CWE-78
7.8
2024-01-22 CVE-2024-0778 OS Command Injection vulnerability in Uniview ISC 2500-S Firmware 20210930
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930.
network
low complexity
uniview CWE-78
critical
9.8
2024-01-19 CVE-2023-49329 OS Command Injection vulnerability in Anomali Match 4.3/4.5.0/4.6.0
Anomali Match before 4.6.2 allows OS Command Injection.
network
low complexity
anomali CWE-78
7.2