Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2023-32568 | OS Command Injection vulnerability in Veritas Infoscale Operations Manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. | 7.2 |
| 2023-05-09 | CVE-2023-27407 | OS Command Injection vulnerability in Siemens Scalance Lpe9403 Firmware 2.0 A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). | 9.9 |
| 2023-05-05 | CVE-2023-30053 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | 9.8 |
| 2023-05-05 | CVE-2023-30054 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. | 9.8 |
| 2023-05-05 | CVE-2023-30013 | OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102/9.1.0U.6369B20230113 TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. | 9.8 |
| 2023-05-03 | CVE-2023-27999 | OS Command Injection vulnerability in Fortinet Fortiadc 7.1.0/7.1.1/7.2.0 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 7.8 |
| 2023-05-03 | CVE-2023-25826 | OS Command Injection vulnerability in Opentsdb Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. | 9.8 |
| 2023-05-02 | CVE-2023-29778 | OS Command Injection vulnerability in Gl-Inet Gl-Mt3000 Firmware 4.1.0 GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | 9.8 |
| 2023-05-01 | CVE-2023-22919 | OS Command Injection vulnerability in Zyxel Nbg6604 Firmware 1.01(Abir.0)C0 The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | 8.8 |
| 2023-04-27 | CVE-2023-28384 | OS Command Injection vulnerability in Myscada Mypro mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 8.8 |