Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-07 | CVE-2023-33556 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | 9.8 |
| 2023-06-07 | CVE-2023-20887 | Command Injection vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a command injection vulnerability. | 9.8 |
| 2023-06-07 | CVE-2023-20889 | Command Injection vulnerability in VMWare Vrealize Network Insight Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | 7.5 |
| 2023-06-07 | CVE-2023-33538 | Command Injection vulnerability in Tp-Link products TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | 8.8 |
| 2023-06-07 | CVE-2022-25834 | Command Injection vulnerability in Percona Xtrabackup In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. | 7.8 |
| 2023-06-07 | CVE-2023-30400 | Command Injection vulnerability in Anyka Ak3918Ev300 Firmware 18 An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. | 9.8 |
| 2023-06-07 | CVE-2023-33782 | Command Injection vulnerability in Dlink Dir-842V2 Firmware 1.0.3 D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | 8.8 |
| 2023-06-06 | CVE-2023-34111 | Command Injection vulnerability in Tdengine Grafana The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. | 9.8 |
| 2023-06-06 | CVE-2023-31569 | Command Injection vulnerability in Totolink X5000R Firmware 9.1.0Cu.2350B20230313 TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | 9.8 |
| 2023-06-06 | CVE-2023-33532 | Command Injection vulnerability in Netgear R6250 Firmware 1.0.4.48 There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. | 9.8 |