Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-48667 | OS Command Injection vulnerability in Dell products Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. | 7.2 |
| 2023-12-14 | CVE-2023-48668 | OS Command Injection vulnerability in Dell Powerprotect Data Domain Management Center Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. | 6.7 |
| 2023-12-14 | CVE-2023-44277 | OS Command Injection vulnerability in Dell products Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. | 7.8 |
| 2023-12-13 | CVE-2023-6792 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | 6.3 |
| 2023-12-13 | CVE-2023-6795 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | 4.7 |
| 2023-12-12 | CVE-2023-46454 | OS Command Injection vulnerability in Gl-Inet Gl-Ar300M Firmware 4.3.7 In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. | 9.8 |
| 2023-12-12 | CVE-2023-49695 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | 6.8 |
| 2023-12-12 | CVE-2022-48616 | OS Command Injection vulnerability in Huawei Ar617Vw Firmware V300R21C00Spc200 A Huawei data communication product has a command injection vulnerability. | 7.5 |
| 2023-12-09 | CVE-2023-47254 | OS Command Injection vulnerability in Draytek Vigor167 Firmware 5.2.2 An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. | 9.8 |
| 2023-12-08 | CVE-2023-46157 | OS Command Injection vulnerability in Mgt-Commerce Cloudpanel File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. | 8.8 |