Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |
| 2022-09-05 | CVE-2022-3008 | Command Injection vulnerability in multiple products The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. | 8.8 |
| 2022-08-31 | CVE-2022-37125 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | 9.8 |
| 2022-08-31 | CVE-2022-21941 | Command Injection vulnerability in Johnsoncontrols Istar Ultra Firmware 6.8.6 All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | 9.8 |
| 2022-08-29 | CVE-2022-36553 | Command Injection vulnerability in Hytec Hwl-2511-Ss Firmware 1.05 Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. | 9.8 |
| 2022-08-29 | CVE-2022-36554 | Command Injection vulnerability in Hytec Hwl-2511-Ss Firmware 1.05 A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. | 9.8 |
| 2022-08-29 | CVE-2022-36556 | Command Injection vulnerability in Seiko-Sol products Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. | 9.8 |
| 2022-08-29 | CVE-2022-36559 | Command Injection vulnerability in Seiko-Sol Skybridge Mb-A200 Firmware 01.00.04 Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. | 9.8 |
| 2022-08-15 | CVE-2022-36523 | Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03/200B02 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | 9.8 |
| 2022-08-03 | CVE-2022-34974 | Command Injection vulnerability in Dlink Dir820La1 Firmware 102B22 D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. | 9.8 |