Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-13 | CVE-2022-42160 | Command Injection vulnerability in Dlink products: D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | 8.8 |
2022-10-13 | CVE-2022-42161 | Command Injection vulnerability in Dlink products: D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | 8.8 |
2022-10-13 | CVE-2022-42906 | Command Injection vulnerability in multiple products: powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. | 7.8 |
2022-10-13 | CVE-2022-42897 | Command Injection vulnerability in Arraynetworks Arrayos AG 9.4.0.469: Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. | 9.8 |
2022-09-30 | CVE-2022-41870 | Command Injection vulnerability in Innovaphone Firmware 12R1/13R2: AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | 7.2 |
2022-09-23 | CVE-2022-40100 | Command Injection vulnerability in Tenda I9 Firmware 1.0.0.8(3828): Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | 9.8 |
2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James: Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |
2022-09-05 | CVE-2022-3008 | Command Injection vulnerability in multiple products: The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. | 8.8 |
2022-08-31 | CVE-2022-37125 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04: D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | 9.8 |
2022-08-31 | CVE-2022-21941 | Command Injection vulnerability in Johnsoncontrols Istar Ultra Firmware 6.8.6: All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | 9.8 |