Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2023-1671 Command Injection vulnerability in Sophos Web Appliance
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
network, low complexity, sophos, CWE-77
critical 9.8

2023-03-30 CVE-2023-28935 Command Injection vulnerability in Apache Unstructured Information Management Architecture
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
network, low complexity, apache, CWE-77
8.8

2023-03-29 CVE-2022-43623 Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers.
low complexity, dlink, CWE-77
6.8

2023-03-29 CVE-2023-1685 Command Injection vulnerability in Hadsky
A vulnerability was found in HadSky up to 7.11.8.
network, low complexity, hadsky, CWE-77
7.2

2023-03-29 CVE-2023-23355 Command Injection vulnerability in Qnap products
An OS command injection vulnerability has been reported to affect QNAP operating systems.
network, low complexity, qnap, CWE-77
7.2

2023-03-28 CVE-2023-28712 Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01
Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions.
network, low complexity, propumpservice, CWE-77
critical 9.8

2023-03-27 CVE-2023-1141 Command Injection vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution.
network, low complexity, deltaww, CWE-77
8.8

2023-03-25 CVE-2023-1458 Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9
A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical.
network, low complexity, ui, CWE-77
critical 9.8

2023-03-25 CVE-2023-1456 Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9
A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6.
network, low complexity, ui, CWE-77
critical 9.8

2023-03-25 CVE-2023-1457 Command Injection vulnerability in UI Edgerouter X Firmware 2.0.9
A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6.
network, low complexity, ui, CWE-77
critical 9.8