Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-30 | CVE-2019-9507 | Command Injection vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. | 9.0 |
2020-03-26 | CVE-2020-10826 | Command Injection vulnerability in Draytek products /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | 10.0 |
2020-03-25 | CVE-2020-6811 | Command Injection vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. | 6.8 |
2020-03-18 | CVE-2019-12921 | Command Injection vulnerability in multiple products In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | 4.3 |
2020-02-27 | CVE-2019-5323 | Command Injection vulnerability in Arubanetworks Airwave There are command injection vulnerabilities present in the AirWave application. | 6.5 |
2020-01-28 | CVE-2019-4635 | Command Injection vulnerability in IBM Security Secret Server 10.7 IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. | 4.0 |
2020-01-17 | CVE-2019-17361 | Command Injection vulnerability in multiple products In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. | 9.8 |
2020-01-15 | CVE-2019-15010 | Command Injection vulnerability in Atlassian Bitbucket Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. | 6.5 |
2020-01-10 | CVE-2014-4982 | Command Injection vulnerability in Xorux Lpar2Rrd LPAR2RRD = 4.53 and = 3.5 has arbitrary command injection on the application server. | 9.8 |
2019-12-19 | CVE-2019-8255 | Command Injection vulnerability in Adobe Brackets 1.14/1.6 Brackets versions 1.14 and earlier have a command injection vulnerability. | 10.0 |