Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-13 | CVE-2021-44520 | Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | 9.0 |
| 2022-04-13 | CVE-2022-26151 | Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0 Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. | 7.2 |
| 2022-04-07 | CVE-2021-43474 | Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05 An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function | 7.5 |
| 2022-04-06 | CVE-2022-20665 | Command Injection vulnerability in Cisco Staros A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
| 2022-04-01 | CVE-2021-23247 | Command Injection vulnerability in Oppo Quick APP 4.5.0 A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. | 7.5 |
| 2022-03-31 | CVE-2021-43663 | Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | 7.9 |
| 2022-03-30 | CVE-2021-43664 | Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. | 9.3 |
| 2022-03-30 | CVE-2022-25619 | Command Injection vulnerability in Profelis Sambabox Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. | 4.6 |
| 2022-03-29 | CVE-2021-43118 | Command Injection vulnerability in Draytek products A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. | 7.5 |
| 2022-03-25 | CVE-2022-22688 | Command Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 6.5 |