Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-08-03 | CVE-2023-37679 | Command Injection vulnerability in Nextgen Mirth Connect 4.3.0 | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | network | low complexity | nextgen | CWE-77 | critical 9.8 |
| 2023-08-02 | CVE-2023-26317 | Command Injection vulnerability in MI Xiaomi Router Firmware | Xiaomi routers have an external interface that can lead to command injection. | network | low complexity | mi | CWE-77 | critical 9.8 |
| 2023-08-02 | CVE-2023-26430 | Command Injection vulnerability in Open-Xchange Appsuite Backend 7.10.6/8.10.0 | Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. | network | low complexity | open-xchange | CWE-77 | 4.3 |
| 2023-08-01 | CVE-2023-3739 | Command Injection vulnerability in Google Chrome | Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. | network | low complexity | google | CWE-77 | 6.3 |
| 2023-08-01 | CVE-2023-31429 | Command Injection vulnerability in Broadcom Fabric Operating System | Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands, such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable, that can cause the content of shell-interpreted variables to be printed in the terminal. | local | low complexity | broadcom | CWE-77 | 5.5 |
| 2023-08-01 | CVE-2023-3718 | Command Injection vulnerability in HPE Arubaos-Cx 10.10.0000/10.10.1020/10.10.1030 | An authenticated command injection vulnerability exists in the AOS-CX command line interface. | network | low complexity | hpe | CWE-77 | 8.8 |
| 2023-08-01 | CVE-2022-39986 | Command Injection vulnerability in Raspap | A command injection vulnerability in RaspAP 2.8.0 through 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. | network | low complexity | raspap | CWE-77 | critical 9.8 |
| 2023-08-01 | CVE-2022-39987 | Command Injection vulnerability in Raspap | A command injection vulnerability in RaspAP 2.8.0 through 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. | network | low complexity | raspap | CWE-77 | 8.8 |
| 2023-08-01 | CVE-2023-34960 | Command Injection vulnerability in Chamilo | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. | network | low complexity | chamilo | CWE-77 | critical 9.8 |
| 2023-07-30 | CVE-2023-37214 | Command Injection vulnerability in Heights-T Ero1Xs-Pro Firmware Bzero1Xp.025 | Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. | network | low complexity | heights-t | CWE-77 | critical 9.8 |