Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-29072 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4
8.4
2021-03-23 CVE-2021-29071 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
critical
 9.0
9.0
2021-03-23 CVE-2021-29070 Command Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4
8.4
2021-03-23 CVE-2021-29069 Command Injection vulnerability in Netgear Wnr2000V5 Firmware, Xr450 Firmware and Xr500 Firmware
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-77
8.4
8.4
2021-03-19 CVE-2021-26275 Command Injection vulnerability in Eslint-Fixer Project Eslint-Fixer
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function.
network
low complexity
eslint-fixer-project CWE-77
critical
 9.8
9.8
2021-03-04 CVE-2020-8298 Command Injection vulnerability in Fs-Path Project Fs-Path
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.
network
low complexity
fs-path-project CWE-77
critical
 9.8
9.8
2021-02-27 CVE-2021-3148 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-77
critical
 9.8
9.8
2021-02-27 CVE-2020-28243 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-77
7.8
7.8
2021-02-17 CVE-2020-7848 Command Injection vulnerability in Iptime C200 Firmware 1.0.12
The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script.
low complexity
iptime CWE-77
8.0
8.0
2021-02-12 CVE-2020-27867 Command Injection vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers.
low complexity
netgear CWE-77
6.8
6.8