Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-07 | CVE-2023-26978 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. | 9.8 |
| 2023-04-07 | CVE-2023-26848 | Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. | 9.8 |
| 2023-04-06 | CVE-2023-29473 | Command Injection vulnerability in Atos Unify Openscape 4000 and Unify Openscape 4000 Manager webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710. | 9.8 |
| 2023-04-06 | CVE-2023-29474 | Command Injection vulnerability in Atos Unify Openscape 4000 and Unify Openscape 4000 Manager inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552. | 9.8 |
| 2023-04-06 | CVE-2023-29475 | Command Injection vulnerability in Atos Unify Openscape 4000 and Unify Openscape 4000 Manager inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543. | 9.8 |
| 2023-04-05 | CVE-2023-1708 | Command Injection vulnerability in Gitlab An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. | 9.8 |
| 2023-04-05 | CVE-2023-20124 | Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. | 7.2 |
| 2023-04-04 | CVE-2023-26866 | Command Injection vulnerability in Greenpacket Ot-235 Firmware and Wr-1200 Firmware GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. | 9.8 |
| 2023-04-04 | CVE-2022-4934 | Command Injection vulnerability in Sophos web Appliance A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. | 7.2 |
| 2023-04-04 | CVE-2023-1671 | Command Injection vulnerability in Sophos web Appliance A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | 9.8 |