Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-13 | CVE-2022-46404 | Command Injection vulnerability in Atos products A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system. | 9.8 |
2022-12-07 | CVE-2022-41800 | Command Injection vulnerability in F5 products In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. | 8.7 |
2022-12-02 | CVE-2022-3086 | Command Injection vulnerability in Moxa products Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. | 7.6 |
2022-11-29 | CVE-2022-36962 | Command Injection vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to Command Injection. | 7.2 |
2022-11-23 | CVE-2022-45462 | Command Injection vulnerability in Apache Dolphinscheduler Alarm instance management has command injection when there is a specific command configured. | 9.8 |
2022-11-23 | CVE-2022-40770 | Command Injection vulnerability in Zohocorp Manageengine Servicedesk Plus Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. | 7.2 |
2022-11-23 | CVE-2020-23584 | Command Injection vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028 Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads to command execution. | 9.8 |
2022-11-23 | CVE-2020-23583 | Command Injection vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028 OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. | 9.8 |
2022-11-22 | CVE-2022-40765 | Command Injection vulnerability in Mitel Mivoice Connect 19.1/19.3 A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. | 6.8 |
2022-11-17 | CVE-2022-36786 | Command Injection vulnerability in Dlink Dsl-224 Firmware DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | 9.9 |