Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-28 | CVE-2021-33515 | Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. | 4.8 |
| 2021-06-24 | CVE-2020-17759 | Command Injection vulnerability in Evernote 6.17.7/6.18 An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. | 8.8 |
| 2021-06-24 | CVE-2020-21785 | Command Injection vulnerability in Ibos 4.5.4 In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | 8.8 |
| 2021-06-08 | CVE-2021-28811 | Command Injection vulnerability in Roonlabs Roon Server 20210201 If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. | 7.2 |
| 2021-06-03 | CVE-2021-28812 | Command Injection vulnerability in Qnap Video Station A command injection vulnerability has been reported to affect certain versions of Video Station. | 8.8 |
| 2021-06-02 | CVE-2015-1877 | Command Injection vulnerability in multiple products The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | 8.8 |
| 2021-05-31 | CVE-2020-10666 | Command Injection vulnerability in Sangoma Restapps The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. | 9.8 |
| 2021-05-27 | CVE-2020-15180 | Command Injection vulnerability in multiple products A flaw was found in the mysql-wsrep component of mariadb. | 9.0 |
| 2021-05-27 | CVE-2021-22899 | Command Injection vulnerability in Ivanti Connect Secure 9.0/9.1 A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | 8.8 |
| 2021-05-26 | CVE-2019-25029 | Command Injection vulnerability in Versa-Networks Versa Director In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. | 9.8 |