Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-13 | CVE-2024-22461 | OS Command Injection vulnerability in Dell Recoverpoint for Virtual Machines 6.0 Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. | 8.8 |
| 2024-12-13 | CVE-2024-48008 | OS Command Injection vulnerability in Dell Recoverpoint for Virtual Machines 6.0 Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. | 6.5 |
| 2024-12-09 | CVE-2024-12358 | OS Command Injection vulnerability in Datax-Web Project Datax-Web 2.1.1 A vulnerability was found in WeiYe-Jing datax-web 2.1.1. | 8.8 |
| 2024-12-07 | CVE-2024-47115 | OS Command Injection vulnerability in IBM AIX and Vios IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | 7.8 |
| 2024-12-04 | CVE-2024-51465 | IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2024-11-29 | CVE-2024-49803 | OS Command Injection vulnerability in IBM Security Verify Access IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2024-11-22 | CVE-2024-52723 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.1041B20240224 In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. | 9.8 |
| 2024-11-18 | CVE-2024-9474 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | 7.2 |
| 2024-11-15 | CVE-2022-20871 | A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. | 6.3 |
| 2024-11-12 | CVE-2024-32118 | OS Command Injection vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | 6.7 |