Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-05-27 CVE-2024-5400 Openfind Mail2000 does not properly filter parameters of specific CGI.
network
low complexity
CWE-78
8.8
8.8
2024-05-27 CVE-2024-5399 Openfind Mail2000 does not properly filter parameters of specific API.
network
low complexity
CWE-78
7.2
7.2
2024-05-16 CVE-2024-30314 Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker.
local
low complexity
CWE-78
8.2
8.2
2024-04-29 CVE-2024-4299 The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands.
network
low complexity
CWE-78
7.2
7.2
2024-04-29 CVE-2024-4301 N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability.
network
low complexity
CWE-78
8.8
8.8
2024-04-24 CVE-2024-20358 OS Command Injection vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges.
local
low complexity
cisco CWE-78
6.7
6.7
2024-04-17 CVE-2023-39367 An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU).
network
low complexity
CWE-78
critical
 9.1
9.1
2024-04-09 CVE-2023-1082 An remote attacker with low privileges can perform a command injection which can lead to root access.
network
low complexity
CWE-78
8.8
8.8
2024-03-24 CVE-2024-2854 OS Command Injection vulnerability in Tenda Ac18 Firmware 15.03.05.05
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2024-03-24 CVE-2024-2853 OS Command Injection vulnerability in Tenda Ac10U Firmware 15.03.06.48/15.03.06.49
A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49.
network
low complexity
tenda CWE-78
critical
 9.8
9.8