Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-28 | CVE-2023-2377 | Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. | 8.8 |
| 2023-04-28 | CVE-2023-2378 | Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. | 8.8 |
| 2023-04-28 | CVE-2023-2374 | Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. | 8.8 |
| 2023-04-28 | CVE-2023-2375 | Command Injection vulnerability in UI Er-X-Sfp Firmware and Er-X Firmware A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. | 8.8 |
| 2023-04-28 | CVE-2023-2373 | Command Injection vulnerability in UI Edgemax Edgerouter Firmware 2.0.9 A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. | 8.8 |
| 2023-04-24 | CVE-2023-30623 | Command Injection vulnerability in WIP Project WIP 1.0.0 `embano1/wip` is a GitHub Action written in Bash. | 8.8 |
| 2023-04-24 | CVE-2023-27848 | Command Injection vulnerability in Broccoli-Compass Project Broccoli-Compass 0.2.4 broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 |
| 2023-04-24 | CVE-2023-27849 | Command Injection vulnerability in Rails-Routes-To-Json Project Rails-Routes-To-Json 1.0.0 rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 |
| 2023-04-24 | CVE-2023-29566 | Command Injection vulnerability in multiple products huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 |
| 2023-04-24 | CVE-2023-22913 | Command Injection vulnerability in Zyxel products A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device. | 8.1 |