Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-09-11 CVE-2024-20483 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands.
network
low complexity
cisco CWE-78
7.2
2024-09-11 CVE-2024-8686 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
network
low complexity
paloaltonetworks CWE-78
7.2
2024-09-11 CVE-2024-6091 OS Command Injection vulnerability in Agpt Autogpt 0.5.1
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings.
network
low complexity
agpt CWE-78
critical
9.8
2024-09-10 CVE-2024-8190 OS Command Injection vulnerability in Ivanti Cloud Services Appliance 4.6
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution.
network
low complexity
ivanti CWE-78
7.2
2024-09-10 CVE-2024-43385 OS Command Injection vulnerability in Phoenixcontact products
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.
network
low complexity
phoenixcontact CWE-78
8.8
2024-09-10 CVE-2024-43386 OS Command Injection vulnerability in Phoenixcontact products
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.
network
low complexity
phoenixcontact CWE-78
8.8
2024-09-10 CVE-2024-43387 OS Command Injection vulnerability in Phoenixcontact products
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.
network
low complexity
phoenixcontact CWE-78
8.8
2024-09-10 CVE-2024-7699 OS Command Injection vulnerability in Phoenixcontact products
A low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
network
low complexity
phoenixcontact CWE-78
8.8
2024-09-08 CVE-2024-8574 OS Command Injection vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical.
network
low complexity
totolink CWE-78
8.8
2024-09-06 CVE-2024-44844 OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
network
low complexity
draytek CWE-78
8.8