Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-09-06 CVE-2024-21898 OS Command Injection vulnerability in Qnap QTS and Quts Hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-78
8.8
2024-09-06 CVE-2024-21906 OS Command Injection vulnerability in Qnap QTS and Quts Hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-78
4.7
2024-09-05 CVE-2024-7591 OS Command Injection vulnerability in Kemptechnologies Loadmaster and Multi-Tenant Hypervisor Firmware
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above
network
low complexity
kemptechnologies CWE-78
7.2
2024-09-04 CVE-2024-20469 OS Command Injection vulnerability in Cisco Identity Services Engine 3.2/3.3
A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-78
6.7
2024-09-04 CVE-2024-43405 OS Command Injection vulnerability in Projectdiscovery Nuclei
Nuclei is a vulnerability scanner powered by YAML based templates.
local
low complexity
projectdiscovery CWE-78
7.8
2024-09-03 CVE-2024-7261 OS Command Injection vulnerability in Zyxel products
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.
network
low complexity
zyxel CWE-78
critical
9.8
2024-09-03 CVE-2024-42057 OS Command Injection vulnerability in Zyxel ZLD
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device.
network
high complexity
zyxel CWE-78
8.1
2024-09-03 CVE-2024-42059 OS Command Injection vulnerability in Zyxel ZLD
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.
network
low complexity
zyxel CWE-78
7.2
2024-09-03 CVE-2024-42060 OS Command Injection vulnerability in Zyxel ZLD
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.
network
low complexity
zyxel CWE-78
7.2
2024-09-03 CVE-2024-7203 OS Command Injection vulnerability in Zyxel ZLD
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.
network
low complexity
zyxel CWE-78
7.2