Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-29184 | Command Injection vulnerability in Thoughtworks Gocd GoCD is a continuous delivery server. | 8.8 |
| 2022-05-17 | CVE-2022-24388 | Command Injection vulnerability in Fidelissecurity Deception and Network Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. | 8.8 |
| 2022-05-17 | CVE-2022-24389 | Command Injection vulnerability in Fidelissecurity Deception and Network Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. | 8.8 |
| 2022-05-17 | CVE-2022-24390 | Command Injection vulnerability in Fidelissecurity Deception and Network Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. | 8.8 |
| 2022-05-17 | CVE-2022-24392 | Command Injection vulnerability in Fidelissecurity Deception and Network Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. | 8.8 |
| 2022-05-17 | CVE-2022-24393 | Command Injection vulnerability in Fidelissecurity Deception and Network Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. | 8.8 |
| 2022-05-17 | CVE-2022-24394 | Command Injection vulnerability in Fidelissecurity Deception and Network Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. | 8.8 |
| 2022-05-05 | CVE-2021-44051 | Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. | 8.8 |
| 2022-05-05 | CVE-2022-27588 | Command Injection vulnerability in Qnap QVR 5.1.5 We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later | 9.8 |
| 2022-05-05 | CVE-2022-27806 | Command Injection vulnerability in F5 products On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. | 7.2 |