Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-11 | CVE-2023-36922 | OS Command Injection vulnerability in SAP Netweaver Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. | 8.8 |
| 2023-07-10 | CVE-2021-42081 | OS Command Injection vulnerability in Osnexus Quantastor 4.3.0 An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. | 7.2 |
| 2023-07-07 | CVE-2023-37170 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | 9.8 |
| 2023-07-07 | CVE-2023-37171 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | 9.8 |
| 2023-07-07 | CVE-2023-37172 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | 9.8 |
| 2023-07-07 | CVE-2023-37173 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | 9.8 |
| 2023-07-06 | CVE-2023-22371 | OS Command Injection vulnerability in Milesight Milesightvpn 2.0.2 An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. | 8.1 |
| 2023-07-06 | CVE-2023-22659 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. | 7.2 |
| 2023-07-06 | CVE-2023-23550 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. | 7.2 |
| 2023-07-06 | CVE-2023-24519 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. | 8.8 |