Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-09-06 CVE-2024-44844 OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
network
low complexity
draytek CWE-78
8.8
2024-09-06 CVE-2024-44845 OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
network
low complexity
draytek CWE-78
8.8
2024-09-06 CVE-2023-34974 OS Command Injection vulnerability in Qnap QTS and Quts Hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-78
8.8
2024-09-06 CVE-2023-34979 OS Command Injection vulnerability in Qnap QTS and Quts Hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-78
7.2
2024-09-06 CVE-2023-39300 OS Command Injection vulnerability in Qnap QTS
An OS command injection vulnerability has been reported to affect legacy QTS.
network
low complexity
qnap CWE-78
7.2
2024-09-06 CVE-2024-21898 OS Command Injection vulnerability in Qnap QTS and Quts Hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-78
8.8
2024-09-06 CVE-2024-21906 OS Command Injection vulnerability in Qnap QTS and Quts Hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-78
4.7
2024-09-05 CVE-2024-7591 OS Command Injection vulnerability in Kemptechnologies Loadmaster and Multi-Tenant Hypervisor Firmware
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above
network
low complexity
kemptechnologies CWE-78
7.2
2024-09-04 CVE-2024-20469 OS Command Injection vulnerability in Cisco Identity Services Engine 3.2/3.3
A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-78
6.7
2024-09-04 CVE-2024-43405 OS Command Injection vulnerability in Projectdiscovery Nuclei
Nuclei is a vulnerability scanner powered by YAML based templates.
local
low complexity
projectdiscovery CWE-78
7.8