Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-07-06 CVE-2023-24582 OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5
Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5.
network
low complexity
milesight CWE-78
8.8
2023-07-05 CVE-2023-27198 OS Command Injection vulnerability in Paxtechnology PAX A930 Firmware Paydroid7.1.1Virgov04.5.0220220722
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed.
low complexity
paxtechnology CWE-78
6.8
2023-07-05 CVE-2023-36622 OS Command Injection vulnerability in Loxone Miniserver GO GEN 2 Firmware
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.
network
low complexity
loxone CWE-78
7.2
2023-07-03 CVE-2023-3314 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s).
network
low complexity
trellix CWE-78
8.8
2023-07-03 CVE-2023-3313 OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3
An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands.
local
low complexity
trellix CWE-78
7.8
2023-06-30 CVE-2023-36143 OS Command Injection vulnerability in Maxprintisp Maxlink 1200G Firmware 3.4.11E
Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.
network
low complexity
maxprintisp CWE-78
8.8
2023-06-29 CVE-2022-44720 OS Command Injection vulnerability in Ucopia Wireless Appliance Firmware
An issue was discovered in Weblib Ucopia before 6.0.13.
network
low complexity
ucopia CWE-78
critical
9.8
2023-06-29 CVE-2023-26613 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.
network
low complexity
dlink CWE-78
critical
9.8
2023-06-28 CVE-2023-2625 OS Command Injection vulnerability in ABB Txpert HUB Coretec 4 Firmware
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN.
low complexity
abb CWE-78
8.0
2023-06-28 CVE-2023-3333 OS Command Injection vulnerability in NEC products
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to execute an arbitrary OS command with root privilege, after obtaining high privilege by exploiting the CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
network
low complexity
nec CWE-78
7.2