Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-06 | CVE-2020-26582 | Command Injection vulnerability in Dlink Dap-1360U Firmware D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). | 9.0 |
2020-10-01 | CVE-2020-15228 | Command Injection vulnerability in Toolkit Project Toolkit In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. | 4.0 |
2020-09-17 | CVE-2020-11698 | Command Injection vulnerability in Titanhq Spamtitan 7.07 An issue was discovered in Titan SpamTitan 7.07. | 10.0 |
2020-09-15 | CVE-2020-24561 | Command Injection vulnerability in Trendmicro Serverprotect 3.0 A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. | 9.0 |
2020-09-08 | CVE-2020-11117 | Command Injection vulnerability in Qualcomm products u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 | 7.5 |
2020-09-04 | CVE-2020-7730 | Command Injection vulnerability in Bestzip Project Bestzip The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. | 7.5 |
2020-08-21 | CVE-2019-11853 | Command Injection vulnerability in Sierrawireless Aleos Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. | 6.5 |
2020-07-14 | CVE-2020-11084 | Command Injection vulnerability in Ipear Project Ipear 0.6.14/0.6.15/0.7.0 In iPear, the manual execution of the eval() function can lead to command injection. | 5.5 |
2020-06-24 | CVE-2020-14472 | Command Injection vulnerability in Draytek products On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. | 7.5 |
2020-06-18 | CVE-2020-4059 | Command Injection vulnerability in Mversion Project Mversion In mversion before 2.0.0, there is a command injection vulnerability. | 7.5 |