Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-07 | CVE-2022-41800 | Command Injection vulnerability in F5 products In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. | 8.7 |
2022-12-02 | CVE-2022-3086 | Command Injection vulnerability in Moxa products Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. | 7.6 |
2022-11-29 | CVE-2022-36962 | Command Injection vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to Command Injection. | 7.2 |
2022-11-23 | CVE-2022-45462 | Command Injection vulnerability in Apache Dolphinscheduler Alarm instance management has command injection when there is a specific command configured. | 9.8 |
2022-11-23 | CVE-2022-40770 | Command Injection vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. | 7.2 |
2022-11-23 | CVE-2020-23584 | Command Injection vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028 Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads to command execution. | 9.8 |
2022-11-23 | CVE-2020-23583 | Command Injection vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028 OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. | 9.8 |
2022-11-22 | CVE-2022-40765 | Command Injection vulnerability in Mitel Mivoice Connect 19.1/19.3 A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. | 6.8 |
2022-11-17 | CVE-2022-36786 | Command Injection vulnerability in Dlink Dsl-224 Firmware DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | 9.9 |
2022-11-17 | CVE-2022-40881 | Command Injection vulnerability in Contec Solarview Compact Firmware 6.00 SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php | 9.8 |