Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| Date | CVE | Vulnerability title | Description | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|
| 2018-10-05 | CVE-2014-10075 | Command Injection vulnerability in Karo Project Karo 2.3.8 | The karo gem 2.3.8 for Ruby allows remote command injection via the host field. | karo-project | CWE-77 | network, low complexity, critical, 9.8 |
| 2018-09-18 | CVE-2018-1000802 | Command Injection vulnerability in multiple products | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in denial of service or information gain via injection of arbitrary files on the system or entire drive. | python, debian, canonical, opensuse | CWE-77 | network, low complexity, critical, 9.8 |
| 2018-09-14 | CVE-2018-0718 | Command Injection vulnerability in Qnap Music Station | Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | qnap | CWE-77 | network, low complexity, critical, 9.8 |
| 2018-09-07 | CVE-2016-9044 | Command Injection vulnerability in Informationbuilders Webfocus 8.1 | An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1. | informationbuilders | CWE-77 | network, low complexity, 8.8 |
| 2018-08-17 | CVE-2018-15356 | Command Injection vulnerability in Eltex Esp-200 Firmware 1.2.0 | An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0. | eltex | CWE-77 | network, low complexity, 8.8 |
| 2018-08-13 | CVE-2018-0714 | Command Injection vulnerability in Qnap Helpdesk | Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | qnap | CWE-77 | network, low complexity, critical, 9.8 |
| 2018-07-31 | CVE-2016-8628 | Command Injection vulnerability in Redhat Ansible | Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. | redhat | CWE-77 | network, low complexity, critical, 9.1 |
| 2018-07-18 | CVE-2018-0351 | Command Injection vulnerability in Cisco products | A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | cisco | CWE-77 | local, low complexity, 7.8 |
| 2018-07-18 | CVE-2018-0350 | Command Injection vulnerability in Cisco products | A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | cisco | CWE-77 | network, low complexity, 8.8 |
| 2018-07-18 | CVE-2018-0347 | Command Injection vulnerability in Cisco products | A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | cisco | CWE-77 | local, low complexity, 7.8 |