Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-14 | CVE-2023-3261 | OS Command Injection vulnerability in multiple products | The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library. Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server. | 7.2 |
2023-08-09 | CVE-2022-48580 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48581 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48582 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48583 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2022-48584 | OS Command Injection vulnerability in Sciencelogic SL1 | A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |
2023-08-08 | CVE-2023-37569 | OS Command Injection vulnerability in Esds.Co Emagic Data Center Management | This vulnerability exists in ESDS Emagic Data Center Management Suite due to lack of input sanitization in its Ping component. | 8.8 |
2023-08-04 | CVE-2023-33374 | OS Command Injection vulnerability in Connectedio Connected IO | Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. | 9.8 |
2023-08-04 | CVE-2023-33377 | OS Command Injection vulnerability in Connectedio Connected IO | Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 9.8 |
2023-08-03 | CVE-2023-33364 | OS Command Injection vulnerability in Supremainc Biostar 2 | An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. | 8.8 |