Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-11005 | OS Command Injection vulnerability in Ivanti Connect Secure and Policy Secure Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-11006 | OS Command Injection vulnerability in Ivanti Connect Secure and Policy Secure Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-11007 | OS Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-46890 | OS Command Injection vulnerability in Siemens Sinec INS 1.0 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). | 9.1 |
| 2024-11-12 | CVE-2024-8881 | OS Command Injection vulnerability in Zyxel products A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request. | 6.8 |
| 2024-11-11 | CVE-2024-11062 | OS Command Injection vulnerability in Dlink Dsl6740C Firmware The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | 7.2 |
| 2024-11-11 | CVE-2024-11063 | OS Command Injection vulnerability in Dlink Dsl6740C Firmware The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | 7.2 |
| 2024-11-11 | CVE-2024-11064 | OS Command Injection vulnerability in Dlink Dsl6740C Firmware The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | 7.2 |
| 2024-11-11 | CVE-2024-11065 | OS Command Injection vulnerability in Dlink Dsl6740C Firmware The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | 7.2 |
| 2024-11-08 | CVE-2024-45763 | OS Command Injection vulnerability in Dell Enterprise Sonic Distribution Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. | 7.2 |