Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-01 | CVE-2023-20170 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-11-01 | CVE-2023-20175 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 8.8 |
| 2023-10-31 | CVE-2023-43139 | OS Command Injection vulnerability in Franfinance 1.9.0 An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components. | 9.8 |
| 2023-10-30 | CVE-2023-47104 | OS Command Injection vulnerability in Vareille Tiny File Dialogs tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. | 9.8 |
| 2023-10-26 | CVE-2018-17879 | OS Command Injection vulnerability in Abus products An issue was discovered on certain ABUS TVIP cameras. | 9.8 |
| 2023-10-26 | CVE-2023-43208 | OS Command Injection vulnerability in Nextgen Mirth Connect NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. | 9.8 |
| 2023-10-25 | CVE-2023-20273 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. | 7.2 |
| 2023-10-23 | CVE-2023-33839 | OS Command Injection vulnerability in IBM Security Verify Governance 10.0/10.0.1 IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-10-23 | CVE-2023-43066 | OS Command Injection vulnerability in Dell products Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. | 7.8 |
| 2023-10-22 | CVE-2023-46306 | OS Command Injection vulnerability in Netmodule Router Software The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. | 6.6 |