Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-46421 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function. | 9.8 |
| 2023-10-25 | CVE-2023-46422 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function. | 9.8 |
| 2023-10-25 | CVE-2023-46423 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function. | 9.8 |
| 2023-10-25 | CVE-2023-46424 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116 TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | 9.8 |
| 2023-10-25 | CVE-2023-43510 | Command Injection vulnerability in Arubanetworks Clearpass Policy Manager A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. | 6.3 |
| 2023-10-25 | CVE-2023-46370 | Command Injection vulnerability in Tenda W18E Firmware 16.01.0.8(1576) Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. | 9.8 |
| 2023-10-25 | CVE-2023-46574 | Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.616520211012 An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | 9.8 |
| 2023-10-25 | CVE-2023-5752 | Command Injection vulnerability in Pypa PIP When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). | 3.3 |
| 2023-10-21 | CVE-2023-38193 | Command Injection vulnerability in Superwebmailer 9.00.0.01710 An issue was discovered in SuperWebMailer 9.00.0.01710. | 8.8 |
| 2023-10-16 | CVE-2023-21413 | Command Injection vulnerability in Axis OS GoSecure on behalf of Genetec Inc. | 7.2 |