Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-03-30 CVE-2019-9507 Command Injection vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing.
network
low complexity
vertiv CWE-77
critical
9.0
2020-03-26 CVE-2020-10826 Command Injection vulnerability in Draytek products
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
network
low complexity
draytek CWE-77
critical
10.0
2020-03-25 CVE-2020-6811 Command Injection vulnerability in multiple products
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
6.8
2020-03-18 CVE-2019-12921 Command Injection vulnerability in multiple products
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
4.3
2020-02-27 CVE-2019-5323 Command Injection vulnerability in Arubanetworks Airwave
There are command injection vulnerabilities present in the AirWave application.
network
low complexity
arubanetworks CWE-77
6.5
2020-01-28 CVE-2019-4635 Command Injection vulnerability in IBM Security Secret Server 10.7
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements.
network
low complexity
ibm CWE-77
4.0
2020-01-17 CVE-2019-17361 Command Injection vulnerability in multiple products
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection.
network
low complexity
saltstack debian opensuse canonical CWE-77
critical
9.8
2020-01-15 CVE-2019-15010 Command Injection vulnerability in Atlassian Bitbucket
Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields.
network
low complexity
atlassian CWE-77
6.5
2020-01-10 CVE-2014-4982 Command Injection vulnerability in Xorux Lpar2Rrd
LPAR2RRD = 4.53 and = 3.5 has arbitrary command injection on the application server.
network
low complexity
xorux CWE-77
critical
9.8
2019-12-19 CVE-2019-8255 Command Injection vulnerability in Adobe Brackets 1.14/1.6
Brackets versions 1.14 and earlier have a command injection vulnerability.
network
low complexity
adobe CWE-77
critical
10.0