Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-24 | CVE-2023-39834 | Command Injection vulnerability in Pbootcms PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. | 9.8 |
| 2023-08-22 | CVE-2020-22570 | Command Injection vulnerability in Memcached 1.6.0/1.6.1/1.6.2 Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | 7.5 |
| 2023-08-22 | CVE-2023-23564 | Command Injection vulnerability in Geomatika Isigeo web 6.0 An issue was discovered in Geomatika IsiGeo Web 6.0. | 8.8 |
| 2023-08-22 | CVE-2023-4212 | Command Injection vulnerability in Trane products ?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. | 6.8 |
| 2023-08-21 | CVE-2023-39617 | Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2089B20211224/9.1.0Cu.2350B20230313 TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | 9.8 |
| 2023-08-21 | CVE-2023-39618 | Command Injection vulnerability in Totolink X5000R Firmware B20210419 TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. | 9.8 |
| 2023-08-21 | CVE-2023-39809 | Command Injection vulnerability in Nvki Intelligent Broadband Subscriber Gateway 3.5 N.V.K.INTER CO., LTD. | 9.8 |
| 2023-08-18 | CVE-2023-4414 | Command Injection vulnerability in Byzoro Smart S85F A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230807. | 9.8 |
| 2023-08-17 | CVE-2023-38902 | Command Injection vulnerability in Ruijie products A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field. | 8.8 |
| 2023-08-17 | CVE-2023-2910 | Command Injection vulnerability in Asustor Data Master Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. | 8.8 |