Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2022-11-30 | CVE-2022-22984 | Command Injection vulnerability in Snyk products | The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). | network; low complexity; snyk; CWE-77; 6.3 |
| 2022-11-29 | CVE-2022-36962 | Command Injection vulnerability in Solarwinds Orion Platform | SolarWinds Platform was susceptible to Command Injection. | network; low complexity; solarwinds; CWE-77; 7.2 |
| 2022-11-26 | CVE-2022-45907 | Command Injection vulnerability in Linuxfoundation Pytorch | In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | network; low complexity; linuxfoundation; CWE-77; critical; 9.8 |
| 2022-11-25 | CVE-2022-44843 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | network; low complexity; totolink; CWE-77; critical; 9.8 |
| 2022-11-25 | CVE-2022-44844 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | network; low complexity; totolink; CWE-77; critical; 9.8 |
| 2022-11-25 | CVE-2022-40282 | Command Injection vulnerability in Belden Hirschmann Bat-C2 Firmware | The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. | network; low complexity; belden; CWE-77; 8.8 |
| 2022-11-23 | CVE-2022-44249 | Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | network; low complexity; totolink; CWE-77; critical; 9.8 |
| 2022-11-23 | CVE-2022-44250 | Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | network; low complexity; totolink; CWE-77; critical; 9.8 |
| 2022-11-23 | CVE-2022-44251 | Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | network; low complexity; totolink; CWE-77; critical; 9.8 |
| 2022-11-23 | CVE-2022-44252 | Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | network; low complexity; totolink; CWE-77; critical; 9.8 |