Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-45682 | OS Command Injection vulnerability in Millbeck Proroute H685T-W Firmware 3.2.334 There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | 9.8 |
| 2024-09-15 | CVE-2024-8869 | OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5 A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. | 8.1 |
| 2024-09-11 | CVE-2024-20398 | OS Command Injection vulnerability in Cisco IOS XR A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. | 7.8 |
| 2024-09-11 | CVE-2024-20483 | OS Command Injection vulnerability in Cisco IOS XR Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. | 7.2 |
| 2024-09-11 | CVE-2024-8686 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. | 7.2 |
| 2024-09-11 | CVE-2024-6091 | OS Command Injection vulnerability in Agpt Autogpt 0.5.1 A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. | 9.8 |
| 2024-09-10 | CVE-2024-8190 | OS Command Injection vulnerability in Ivanti Cloud Services Appliance 4.6 An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. | 7.2 |
| 2024-09-10 | CVE-2024-43385 | OS Command Injection vulnerability in Phoenixcontact products A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. | 8.8 |
| 2024-09-10 | CVE-2024-43386 | OS Command Injection vulnerability in Phoenixcontact products A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices. | 8.8 |
| 2024-09-10 | CVE-2024-43387 | OS Command Injection vulnerability in Phoenixcontact products A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. | 8.8 |