Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2021-43159 Command Injection vulnerability in Ruijienetworks Reyeeos
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common..
network
low complexity
ruijienetworks CWE-77
8.8
8.8
2022-05-04 CVE-2021-43160 Command Injection vulnerability in Ruijienetworks Reyeeos
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose.
network
low complexity
ruijienetworks CWE-77
8.8
8.8
2022-05-04 CVE-2021-43161 Command Injection vulnerability in Ruijienetworks Reyeeos
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch.
network
low complexity
ruijienetworks CWE-77
8.8
8.8
2022-05-04 CVE-2021-43162 Command Injection vulnerability in Ruijienetworks Reyeeos
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose.
network
low complexity
ruijienetworks CWE-77
8.8
8.8
2022-05-04 CVE-2021-43163 Command Injection vulnerability in Ruijienetworks Reyeeos
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth.
network
low complexity
ruijienetworks CWE-77
critical
 9.8
9.8
2022-04-14 CVE-2021-43286 Command Injection vulnerability in Thoughtworks Gocd
An issue was discovered in ThoughtWorks GoCD before 21.3.0.
network
low complexity
thoughtworks CWE-77
8.8
8.8
2022-04-13 CVE-2015-20107 Command Injection vulnerability in multiple products
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file.
network
low complexity
python netapp fedoraproject CWE-77
7.6
7.6
2022-04-13 CVE-2021-44520 Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
network
low complexity
citrix CWE-77
8.8
8.8
2022-04-13 CVE-2022-26151 Command Injection vulnerability in Citrix Xenmobile Server 10.13.0/10.14.0
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
network
low complexity
citrix CWE-77
7.2
7.2
2022-04-07 CVE-2021-43474 Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function
network
low complexity
dlink CWE-77
critical
 9.8
9.8