Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-04 | CVE-2023-33374 | OS Command Injection vulnerability in Connectedio Connected IO Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. | 9.8 |
| 2023-08-04 | CVE-2023-33377 | OS Command Injection vulnerability in Connectedio Connected IO Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 9.8 |
| 2023-08-03 | CVE-2023-33364 | OS Command Injection vulnerability in Supremainc Biostar 2 An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. | 8.8 |
| 2023-08-01 | CVE-2023-31425 | OS Command Injection vulnerability in Broadcom Fabric Operating System 9.1.0 A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. | 7.8 |
| 2023-07-31 | CVE-2023-35861 | OS Command Injection vulnerability in Supermicro products A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. | 9.8 |
| 2023-07-31 | CVE-2023-35019 | OS Command Injection vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2023-07-30 | CVE-2023-37213 | OS Command Injection vulnerability in Synel Synergy/A Firmware Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection' | 9.8 |
| 2023-07-26 | CVE-2023-38673 | OS Command Injection vulnerability in Paddlepaddle PaddlePaddle before 2.5.0 has a command injection in fs.py. | 9.8 |
| 2023-07-24 | CVE-2023-38056 | OS Command Injection vulnerability in Otrs Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. | 7.2 |
| 2023-07-21 | CVE-2023-37903 | OS Command Injection vulnerability in VM2 Project VM2 vm2 is an open source vm/sandbox for Node.js. | 10.0 |