Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-03-15 | CVE-2023-24229 | Command Injection vulnerability in Draytek Vigor2960 Firmware 1.5.1.4 | DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. | 7.8 |
2023-03-15 | CVE-2023-27240 | Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.11 | Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. | 9.8 |
2023-03-13 | CVE-2023-0351 | Command Injection vulnerability in Akuvox E11 Firmware | The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. | 8.8 |
2023-03-13 | CVE-2023-27581 | Command Injection vulnerability in Github-Slug-Action Project Github-Slug-Action | github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. | 8.8 |
2023-03-13 | CVE-2023-0978 | Command Injection vulnerability in multiple products | A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. | 6.7 |
2023-03-13 | CVE-2023-0628 | Command Injection vulnerability in Docker Desktop | Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | 7.8 |
2023-03-06 | CVE-2023-0093 | Command Injection vulnerability in Okta Advanced Server Access | Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. | 8.8 |
2023-03-05 | CVE-2021-4329 | Command Injection vulnerability in Json-Logic-Js Project Json-Logic-Js 2.0.0 | A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. | 9.8 |
2023-03-03 | CVE-2023-1162 | Command Injection vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. | 8.8 |
2023-03-01 | CVE-2023-1097 | Command Injection vulnerability in Baicells Eg7035-M11 Firmware Bceodu1.0.8 | Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. | 9.8 |