Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-28 | CVE-2023-3333 | OS Command Injection vulnerability in NEC products Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. | 7.2 |
| 2023-06-26 | CVE-2023-34420 | OS Command Injection vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. | 7.2 |
| 2023-06-26 | CVE-2023-30261 | OS Command Injection vulnerability in Openwb 1.6/1.7 Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request. | 9.8 |
| 2023-06-23 | CVE-2023-34254 | OS Command Injection vulnerability in Glpi-Project Glpi Agent The GLPI Agent is a generic management agent. | 7.2 |
| 2023-06-23 | CVE-2023-30258 | OS Command Injection vulnerability in Magnussolution Magnusbilling Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | 9.8 |
| 2023-06-22 | CVE-2023-35174 | OS Command Injection vulnerability in Livebook Livebook is a web application for writing interactive and collaborative code notebooks. | 9.8 |
| 2023-06-21 | CVE-2023-24261 | OS Command Injection vulnerability in Gl-Inet Gl-E750 Firmware 3.215 A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. | 7.2 |
| 2023-06-20 | CVE-2023-33869 | OS Command Injection vulnerability in Enphase Envoy Firmware D7.0.88 Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. | 9.8 |
| 2023-06-19 | CVE-2023-27992 | OS Command Injection vulnerability in Zyxel Nas326 Firmware, Nas540 Firmware and Nas542 Firmware The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request. | 9.8 |
| 2023-06-16 | CVE-2022-48472 | OS Command Injection vulnerability in Huawei Bisheng-Wnm Firmware and Ota-Bisheng Firmware A Huawei printer has a system command injection vulnerability. | 9.8 |