Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2023-07-21 | CVE-2023-37903 | OS Command Injection vulnerability in VM2 Project VM2 | vm2 is an open source vm/sandbox for Node.js. | vm2-project | CWE-78 | network, low complexity, critical, 10.0 |
| 2023-07-18 | CVE-2023-36670 | OS Command Injection vulnerability in Kratosdefense NGC Indoor Unit Firmware 9.1.0.4 | A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. | kratosdefense | CWE-78 | network, low complexity, critical, 9.8 |
| 2023-07-18 | CVE-2023-37477 | OS Command Injection vulnerability in Fit2Cloud 1Panel | 1Panel is an open source Linux server operation and maintenance management panel. | fit2cloud | CWE-78 | network, low complexity, 8.8 |
| 2023-07-17 | CVE-2023-34139 | OS Command Injection vulnerability in Zyxel products | A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2 could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device. | zyxel | CWE-78 | low complexity, 8.8 |
| 2023-07-16 | CVE-2023-38378 | OS Command Injection vulnerability in Rigol Mso5000 Firmware 00.01.03.00.03 | The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application. | rigol | CWE-78 | network, low complexity, critical, 9.8 |
| 2023-07-13 | CVE-2023-37564 | OS Command Injection vulnerability in Elecom products | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with root privileges by sending a specially crafted request. | elecom | CWE-78 | low complexity, 8.0 |
| 2023-07-13 | CVE-2023-34127 | OS Command Injection vulnerability in Sonicwall Analytics and Global Management System | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. | sonicwall | CWE-78 | network, low complexity, 8.8 |
| 2023-07-11 | CVE-2023-23777 | OS Command Injection vulnerability in Fortinet Fortiweb | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters. | fortinet | CWE-78 | network, low complexity, 7.2 |
| 2023-07-11 | CVE-2023-36922 | OS Command Injection vulnerability in SAP Netweaver | Due to a programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. | sap | CWE-78 | network, low complexity, 8.8 |
| 2023-07-10 | CVE-2021-42081 | OS Command Injection vulnerability in Osnexus Quantastor 4.3.0 | An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. | osnexus | CWE-78 | network, low complexity, 7.2 |