Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-18 | CVE-2024-10118 | SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. | 9.8 |
2024-10-17 | CVE-2005-10003 | OS Command Injection vulnerability in Mikexstudios Xcomic. A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. | 9.8 |
2024-10-16 | CVE-2024-20458 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware. A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. | 8.2 |
2024-10-16 | CVE-2024-20459 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware. A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. | 7.2 |
2024-10-16 | CVE-2024-20461 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware. A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. | 6.0 |
2024-10-13 | CVE-2024-9916 | OS Command Injection vulnerability in Usualtool Usualtoolcms 9.0. A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. | 9.8 |
2024-10-10 | CVE-2024-9793 | OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23. A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. | 9.8 |
2024-10-09 | CVE-2024-9463 | OS Command Injection vulnerability in Paloaltonetworks Expedition. An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 7.5 |
2024-10-09 | CVE-2024-9464 | OS Command Injection vulnerability in Paloaltonetworks Expedition. An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 6.5 |
2024-10-08 | CVE-2024-9380 | OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6. An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | 7.2 |