Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2021-22899 | Command Injection vulnerability in Ivanti Connect Secure 9.0/9.1 A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | 8.8 |
| 2021-05-26 | CVE-2019-25029 | Command Injection vulnerability in Versa-Networks Versa Director In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. | 9.8 |
| 2021-05-24 | CVE-2020-28901 | Command Injection vulnerability in Nagios Fusion Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | 9.8 |
| 2021-05-24 | CVE-2020-28902 | Command Injection vulnerability in Nagios Fusion Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | 9.8 |
| 2021-05-24 | CVE-2020-28908 | Command Injection vulnerability in Nagios Fusion Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. | 9.8 |
| 2021-05-22 | CVE-2021-1555 | Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. | 7.2 |
| 2021-05-22 | CVE-2021-1560 | Command Injection vulnerability in Cisco DNA Spaces: Connector 2.0 Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. | 7.2 |
| 2021-05-18 | CVE-2020-20951 | Command Injection vulnerability in Pluck-Cms Pluck 4.7.10 In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | 9.8 |
| 2021-05-13 | CVE-2020-12967 | Command Injection vulnerability in AMD products The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. | 7.2 |
| 2021-05-13 | CVE-2021-26311 | Command Injection vulnerability in AMD products In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. | 7.2 |