Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2018-7825 Command Injection vulnerability in Schneider-Electric products
A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.
network
low complexity
schneider-electric CWE-77
8.8
8.8
2019-05-15 CVE-2019-10640 Command Injection vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4.
network
low complexity
gitlab CWE-77
7.5
7.5
2019-04-26 CVE-2019-6689 Command Injection vulnerability in Dillonkane Tidal Workload Automation 3.2.0.5
An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA).
local
low complexity
dillonkane CWE-77
7.8
7.8
2019-04-24 CVE-2019-11217 Command Injection vulnerability in Bonobogitserver Bonobo GIT Server
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.
network
low complexity
bonobogitserver CWE-77
critical
 9.8
9.8
2019-04-23 CVE-2019-11076 Command Injection vulnerability in Cribl 1.5.0
Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request.
network
low complexity
cribl CWE-77
critical
 9.8
9.8
2019-03-26 CVE-2019-9743 Command Injection vulnerability in Phoenixcontact products
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices.
network
low complexity
phoenixcontact CWE-77
8.8
8.8
2019-03-26 CVE-2019-9059 Command Injection vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple CWE-77
7.2
7.2
2019-03-25 CVE-2019-7610 Command Injection vulnerability in Elastic Kibana
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger.
network
high complexity
elastic CWE-77
critical
 9.0
9.0
2019-03-21 CVE-2019-7537 Command Injection vulnerability in Pytroll Donfig 0.3.0
An issue was discovered in Donfig 0.3.0.
network
low complexity
pytroll CWE-77
critical
 9.8
9.8
2019-03-21 CVE-2018-3963 Command Injection vulnerability in Getcujo Smart Firewall 7003
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall.
low complexity
getcujo CWE-77
8.0
8.0