Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-10 | CVE-2023-38034 | Command Injection vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware | A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier); All UniFi Switches (Version 6.5.32 and earlier), USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later; update UniFi Switches to Version 6.5.59 or later. | 9.8 |
2023-08-09 | CVE-2023-39001 | Command Injection vulnerability in Opnsense | A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | 9.8 |
2023-08-09 | CVE-2023-39008 | Command Injection vulnerability in Opnsense | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | 9.8 |
2023-08-09 | CVE-2023-32781 | Command Injection vulnerability in Paessler Prtg Network Monitor | A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. | 7.2 |
2023-08-09 | CVE-2023-32782 | Command Injection vulnerability in Paessler Prtg Network Monitor | A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. | 7.2 |
2023-08-09 | CVE-2023-26310 | Command Injection vulnerability in Oppo Coloros 12.3 | There is a command injection problem in the old version of the mobile phone backup app. | 9.8 |
2023-08-07 | CVE-2023-39523 | Command Injection vulnerability in Nexb Scancode.Io | ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. | 8.8 |
2023-08-07 | CVE-2023-38921 | Command Injection vulnerability in Netgear Wag302V2 Firmware and Wg302V2 Firmware | Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. | 8.8 |
2023-08-07 | CVE-2023-38928 | Command Injection vulnerability in Netgear R7100Lg Firmware 1.0.0.78 | Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | 9.8 |
2023-08-04 | CVE-2023-38690 | Command Injection vulnerability in Matrix IRC Bridge | matrix-appservice-irc is a Node.js IRC bridge for Matrix. | 9.8 |