Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-06 | CVE-2023-25583 | OS Command Injection vulnerability in Milesight Ur32L Firmware 32.3.0.5 Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. | 7.2 |
| 2023-07-05 | CVE-2023-27198 | OS Command Injection vulnerability in Paxtechnology PAX A930 Firmware Paydroid7.1.1Virgov04.5.0220220722 PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. | 6.8 |
| 2023-07-05 | CVE-2023-36622 | OS Command Injection vulnerability in Loxone Miniserver GO GEN 2 Firmware The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. | 7.2 |
| 2023-07-03 | CVE-2023-3314 | OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3 A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). | 8.8 |
| 2023-07-03 | CVE-2023-3313 | OS Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.3 An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands. | 7.8 |
| 2023-06-30 | CVE-2023-36143 | OS Command Injection vulnerability in Maxprintisp Maxlink 1200G Firmware 3.4.11E Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device. | 8.8 |
| 2023-06-29 | CVE-2022-44720 | OS Command Injection vulnerability in Ucopia Wireless Appliance Firmware An issue was discovered in Weblib Ucopia before 6.0.13. | 9.8 |
| 2023-06-29 | CVE-2023-26613 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05 An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. | 9.8 |
| 2023-06-28 | CVE-2023-3450 | OS Command Injection vulnerability in Ruijie Rg-Bcr860 Firmware 2.5.13 A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. | 7.2 |
| 2023-06-28 | CVE-2023-2625 | OS Command Injection vulnerability in ABB Txpert HUB Coretec 4 Firmware A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. | 8.0 |