Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-14893 | Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81 A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | 8.8 |
| 2018-10-24 | CVE-2016-10729 | Command Injection vulnerability in multiple products An issue was discovered in Amanda 3.3.1. | 7.8 |
| 2018-10-23 | CVE-2018-17445 | Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 9.8 |
| 2018-10-05 | CVE-2018-0454 | Command Injection vulnerability in Cisco Cloud Services Platform 2100 Firmware 2.2(4) A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. | 8.8 |
| 2018-10-05 | CVE-2018-0431 | Command Injection vulnerability in Cisco Unified Computing System 2.0Base/3.0(3A)/3.1(3) A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0430 | Command Injection vulnerability in Cisco Unified Computing System 2.0Base/3.0(3A)/3.1(3) A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. | 8.8 |
| 2018-10-05 | CVE-2014-10075 | Command Injection vulnerability in Karo Project Karo 2.3.8 The karo gem 2.3.8 for Ruby allows Remote command injection via the host field. | 9.8 |
| 2018-09-18 | CVE-2018-1000802 | Command Injection vulnerability in multiple products Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. | 9.8 |
| 2018-09-14 | CVE-2018-0718 | Command Injection vulnerability in Qnap Music Station Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | 9.8 |
| 2018-09-07 | CVE-2016-9044 | Command Injection vulnerability in Informationbuilders Webfocus 8.1 An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . | 8.8 |