Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-14 | CVE-2023-28343 | OS Command Injection vulnerability in Apsystems Energy Communication Unit Firmware C1.2.5 OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. | 9.8 |
| 2023-03-13 | CVE-2023-25279 | OS Command Injection vulnerability in Dlink Dir-820L Firmware 105B03 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
| 2023-03-13 | CVE-2023-24762 | OS Command Injection vulnerability in Dlink Dir-867 Firmware 1.30B07 OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. | 9.8 |
| 2023-03-09 | CVE-2023-27985 | OS Command Injection vulnerability in GNU Emacs 28.1/28.2 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. | 7.8 |
| 2023-03-08 | CVE-2023-1277 | OS Command Injection vulnerability in Ubuntukylin Kylin-System-Updater 1.4.20Kord A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. | 7.8 |
| 2023-03-08 | CVE-2023-25395 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. | 9.8 |
| 2023-03-07 | CVE-2022-39951 | OS Command Injection vulnerability in Fortinet Fortiweb A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |
| 2023-03-03 | CVE-2023-26213 | OS Command Injection vulnerability in Barracuda products On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. | 7.2 |
| 2023-03-01 | CVE-2023-20075 | OS Command Injection vulnerability in Cisco Email Security Appliance Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI. | 6.7 |
| 2023-02-27 | CVE-2023-26759 | OS Command Injection vulnerability in Smeup ERP Tokyov6R1M220406 Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | 8.8 |