Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-20459 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is due to a lack of input sanitization in the web-based management interface. | 7.2 |
| 2024-10-16 | CVE-2024-20461 | OS Command Injection vulnerability in Cisco ATA 191 Firmware and ATA 192 Firmware A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. | 6.0 |
| 2024-10-13 | CVE-2024-9916 | OS Command Injection vulnerability in Usualtool Usualtoolcms 9.0 A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. | 9.8 |
| 2024-10-10 | CVE-2024-9793 | OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23 A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. | 9.8 |
| 2024-10-09 | CVE-2024-9463 | OS Command Injection vulnerability in Paloaltonetworks Expedition An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 7.5 |
| 2024-10-09 | CVE-2024-9464 | OS Command Injection vulnerability in Paloaltonetworks Expedition An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 6.5 |
| 2024-10-08 | CVE-2024-9380 | OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | 7.2 |
| 2024-10-08 | CVE-2024-8926 | OS Command Injection vulnerability in PHP-Fpm In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. | 8.8 |
| 2024-10-04 | CVE-2024-9054 | OS Command Injection vulnerability in Microchip Timeprovider 4100 Firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 8.8 |
| 2024-10-01 | CVE-2024-47608 | OS Command Injection vulnerability in Definetlynotai Logicytics Logicytics is designed to harvest and collect data for forensic analysis. | 9.8 |