Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-17 | CVE-2022-43781 | Command Injection vulnerability in Atlassian Bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. | 9.8 |
| 2022-11-16 | CVE-2022-40752 | Command Injection vulnerability in IBM products IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. | 9.8 |
| 2022-11-10 | CVE-2022-45063 | Command Injection vulnerability in multiple products xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. | 9.8 |
| 2022-11-03 | CVE-2022-43109 | Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2 D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. | 9.8 |
| 2022-10-28 | CVE-2022-37425 | Command Injection vulnerability in Opennebula Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | 9.8 |
| 2022-10-27 | CVE-2022-43367 | Command Injection vulnerability in Ip-Com EW9 Firmware 15.11.0.14 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. | 9.8 |
| 2022-10-19 | CVE-2022-41617 | Command Injection vulnerability in F5 Big-Ip Application Security Manager In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. | 7.2 |
| 2022-10-19 | CVE-2016-20017 | Command Injection vulnerability in Dlink Dsl-2750B Firmware D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | 9.8 |
| 2022-10-13 | CVE-2022-42156 | Command Injection vulnerability in Dlink products D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. | 8.8 |
| 2022-10-13 | CVE-2022-42160 | Command Injection vulnerability in Dlink products D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | 8.8 |