Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-06 | CVE-2021-36707 | Command Injection vulnerability in Prolink Prc2402M Firmware In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system. | 9.8 |
| 2021-07-21 | CVE-2021-21406 | Command Injection vulnerability in Combodo Itop Combodo iTop is an open source, web based IT Service Management tool. | 8.8 |
| 2021-06-28 | CVE-2021-33515 | Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. | 4.8 |
| 2021-06-24 | CVE-2020-17759 | Command Injection vulnerability in Evernote 6.17.7/6.18 An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. | 8.8 |
| 2021-06-24 | CVE-2020-21785 | Command Injection vulnerability in Ibos 4.5.4 In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | 8.8 |
| 2021-06-08 | CVE-2021-28811 | Command Injection vulnerability in Roonlabs Roon Server 20210201 If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. | 7.2 |
| 2021-06-03 | CVE-2021-28812 | Command Injection vulnerability in Qnap Video Station A command injection vulnerability has been reported to affect certain versions of Video Station. | 8.8 |
| 2021-06-02 | CVE-2015-1877 | Command Injection vulnerability in multiple products The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | 8.8 |
| 2021-05-31 | CVE-2020-10666 | Command Injection vulnerability in Sangoma Restapps The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. | 9.8 |
| 2021-05-27 | CVE-2020-15180 | Command Injection vulnerability in multiple products A flaw was found in the mysql-wsrep component of mariadb. | 9.0 |