Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-09-19 CVE-2024-9001 OS Command Injection vulnerability in Totolink T10 Firmware 4.1.8Cu.5207
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207.
network
low complexity
totolink CWE-78
8.8
2024-09-17 CVE-2024-8957 OS Command Injection vulnerability in Ptzoptics Pt30X-Ndi-Xx-G2 Firmware and Pt30X-Sdi Firmware
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue.
network
low complexity
ptzoptics CWE-78
critical
9.8
2024-09-17 CVE-2024-45682 OS Command Injection vulnerability in Millbeck Proroute H685T-W Firmware 3.2.334
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
network
low complexity
millbeck CWE-78
critical
9.8
2024-09-15 CVE-2024-8869 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5.
network
high complexity
totolink CWE-78
8.1
2024-09-11 CVE-2024-20398 OS Command Injection vulnerability in Cisco IOS XR
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands.
local
low complexity
cisco CWE-78
7.8
2024-09-11 CVE-2024-20483 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands.
network
low complexity
cisco CWE-78
7.2
2024-09-11 CVE-2024-8686 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
network
low complexity
paloaltonetworks CWE-78
7.2
2024-09-11 CVE-2024-6091 OS Command Injection vulnerability in Agpt Autogpt 0.5.1
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings.
network
low complexity
agpt CWE-78
critical
9.8
2024-09-10 CVE-2024-8190 OS Command Injection vulnerability in Ivanti Cloud Services Appliance 4.6
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution.
network
low complexity
ivanti CWE-78
7.2
2024-09-10 CVE-2024-43385 OS Command Injection vulnerability in Phoenixcontact products
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.
network
low complexity
phoenixcontact CWE-78
8.8