Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2024-47901 | OS Command Injection vulnerability in Siemens products A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). | 9.8 |
| 2024-10-21 | CVE-2024-10202 | OS Command Injection vulnerability in Wellchoose Administrative Management System Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 8.8 |
| 2024-10-18 | CVE-2024-10119 | OS Command Injection vulnerability in ZTE Wrtm326 Firmware The wireless router WRTM326 from SECOM does not properly validate a specific parameter. | 9.8 |
| 2024-10-18 | CVE-2024-10118 | SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. | 9.8 |
| 2024-10-17 | CVE-2005-10003 | OS Command Injection vulnerability in Mikexstudios Xcomic A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. | 9.8 |
| 2024-10-16 | CVE-2024-20458 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication on specific HTTP endpoints. | 8.2 |
| 2024-10-16 | CVE-2024-20459 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. | 7.2 |
| 2024-10-16 | CVE-2024-20461 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. | 6.0 |
| 2024-10-13 | CVE-2024-9916 | OS Command Injection vulnerability in Usualtool Usualtoolcms 9.0 A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. | 9.8 |
| 2024-10-10 | CVE-2024-9793 | OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23 A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. | 9.8 |