Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-07 | CVE-2021-38173 | Command Injection vulnerability in multiple products Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. | 9.8 |
| 2021-08-07 | CVE-2021-38169 | Command Injection vulnerability in Roxy-Wi Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py. | 8.8 |
| 2021-08-06 | CVE-2021-36707 | Command Injection vulnerability in Prolink Prc2402M Firmware In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system. | 9.8 |
| 2021-07-21 | CVE-2021-21406 | Command Injection vulnerability in Combodo Itop Combodo iTop is an open source, web based IT Service Management tool. | 8.8 |
| 2021-07-07 | CVE-2021-32529 | Command Injection vulnerability in Qsan Sanos and Xevo Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. | 9.8 |
| 2021-06-28 | CVE-2021-33515 | Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. | 4.8 |
| 2021-06-24 | CVE-2020-17759 | Command Injection vulnerability in Evernote 6.17.7/6.18 An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. | 8.8 |
| 2021-06-24 | CVE-2020-21785 | Command Injection vulnerability in Ibos 4.5.4 In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | 8.8 |
| 2021-06-18 | CVE-2021-34809 | Command Injection vulnerability in Synology Download Station Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 8.8 |
| 2021-06-08 | CVE-2021-28811 | Command Injection vulnerability in Roonlabs Roon Server 20210201 If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. | 7.2 |