Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-15 | CVE-2013-2516 | Command Injection vulnerability in Fileutils Project Fileutils Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell. | 8.8 |
| 2019-02-05 | CVE-2016-1000282 | Command Injection vulnerability in Haraka Project Haraka Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. | 9.8 |
| 2019-02-04 | CVE-2019-1000018 | Command Injection vulnerability in multiple products rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. | 7.8 |
| 2019-01-24 | CVE-2019-1646 | Command Injection vulnerability in Cisco products A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. | 7.8 |
| 2019-01-22 | CVE-2018-19013 | Command Injection vulnerability in Omron Cx-Supervisor An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. | 5.0 |
| 2019-01-09 | CVE-2017-15403 | Command Injection vulnerability in Google Chrome Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. | 7.3 |
| 2019-01-08 | CVE-2019-0541 | Command Injection vulnerability in Microsoft products A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. | 8.8 |
| 2019-01-03 | CVE-2018-17172 | Command Injection vulnerability in Xerox products The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. | 9.8 |
| 2018-12-06 | CVE-2018-19911 | Command Injection vulnerability in Freeswitch FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. | 7.5 |
| 2018-11-28 | CVE-2018-14746 | Command Injection vulnerability in Qnap QTS Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. | 9.8 |