Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-11789 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 9.8 |
| 2020-04-15 | CVE-2020-11770 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.8 |
| 2020-04-15 | CVE-2020-10514 | Command Injection vulnerability in Icatchinc DVR Firmware iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. | 8.8 |
| 2020-04-01 | CVE-2018-11106 | Command Injection vulnerability in Netgear products NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5. | 9.8 |
| 2020-03-30 | CVE-2019-9507 | Command Injection vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. | 7.2 |
| 2020-03-26 | CVE-2020-10826 | Command Injection vulnerability in Draytek products /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | 9.8 |
| 2020-03-25 | CVE-2020-6811 | Command Injection vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. | 8.8 |
| 2020-03-18 | CVE-2019-12921 | Command Injection vulnerability in multiple products In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | 6.5 |
| 2020-03-10 | CVE-2019-12430 | Command Injection vulnerability in Gitlab 11.11.0 An issue was discovered in GitLab Community and Enterprise Edition 11.11. | 8.8 |
| 2020-02-27 | CVE-2019-5323 | Command Injection vulnerability in Arubanetworks Airwave There are command injection vulnerabilities present in the AirWave application. | 7.2 |