Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-26 | CVE-2023-38673 | OS Command Injection vulnerability in Paddlepaddle PaddlePaddle before 2.5.0 has a command injection in fs.py. | 9.8 |
| 2023-07-24 | CVE-2023-38056 | OS Command Injection vulnerability in Otrs Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. | 7.2 |
| 2023-07-21 | CVE-2023-37903 | OS Command Injection vulnerability in VM2 Project VM2 vm2 is an open source vm/sandbox for Node.js. | 10.0 |
| 2023-07-21 | CVE-2023-37292 | OS Command Injection vulnerability in Hgiga Isherlock Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174. | 9.8 |
| 2023-07-18 | CVE-2023-36670 | OS Command Injection vulnerability in Kratosdefense NGC Indoor Unit Firmware 9.1.0.4 A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. | 9.8 |
| 2023-07-18 | CVE-2023-37477 | OS Command Injection vulnerability in Fit2Cloud 1Panel 1Panel is an open source Linux server operation and maintenance management panel. | 8.8 |
| 2023-07-18 | CVE-2020-36762 | OS Command Injection vulnerability in ONS RAS Collection Instrument A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. | 9.8 |
| 2023-07-17 | CVE-2023-33012 | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled. | 8.8 |
| 2023-07-17 | CVE-2023-34138 | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance. | 8.0 |
| 2023-07-17 | CVE-2023-34139 | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device. | 8.8 |