Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2020-23583 | Command Injection vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028 OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. | 9.8 |
| 2022-11-22 | CVE-2022-40765 | Command Injection vulnerability in Mitel Mivoice Connect 19.1/19.3 A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. | 6.8 |
| 2022-11-17 | CVE-2022-36786 | Command Injection vulnerability in Dlink Dsl-224 Firmware DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | 9.9 |
| 2022-11-17 | CVE-2022-40881 | Command Injection vulnerability in Contec Solarview Compact Firmware 6.00 SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php | 9.8 |
| 2022-11-17 | CVE-2022-43781 | Command Injection vulnerability in Atlassian Bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. | 9.8 |
| 2022-11-16 | CVE-2022-40752 | Command Injection vulnerability in IBM products IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. | 9.8 |
| 2022-11-10 | CVE-2022-45063 | Command Injection vulnerability in multiple products xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. | 9.8 |
| 2022-11-03 | CVE-2022-43109 | Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2 D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. | 9.8 |
| 2022-10-28 | CVE-2022-37425 | Command Injection vulnerability in Opennebula Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | 9.8 |
| 2022-10-27 | CVE-2022-43367 | Command Injection vulnerability in Ip-Com EW9 Firmware 15.11.0.14 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. | 9.8 |