Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-12 | CVE-2023-35032 | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554. | 8.8 |
| 2023-06-12 | CVE-2023-35033 | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556. | 8.8 |
| 2023-06-12 | CVE-2023-35035 | Command Injection vulnerability in Atos products Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557. | 8.8 |
| 2023-06-11 | CVE-2023-25911 | Command Injection vulnerability in Danfoss Ak-Em100 Firmware The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters. | 8.8 |
| 2023-06-08 | CVE-2023-34233 | Command Injection vulnerability in Snowflake Connector The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. | 8.8 |
| 2023-06-07 | CVE-2023-33556 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | 9.8 |
| 2023-06-07 | CVE-2023-20887 | Command Injection vulnerability in VMWare Aria Operations for Networks Aria Operations for Networks contains a command injection vulnerability. | 9.8 |
| 2023-06-07 | CVE-2023-20889 | Command Injection vulnerability in VMWare Vrealize Network Insight Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | 7.5 |
| 2023-06-07 | CVE-2023-33538 | Command Injection vulnerability in Tp-Link products TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | 8.8 |
| 2023-06-07 | CVE-2022-25834 | Command Injection vulnerability in Percona Xtrabackup In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands. | 7.8 |