Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-22 | CVE-2018-19013 | Command Injection vulnerability in Omron Cx-Supervisor An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. | 5.0 |
| 2019-01-09 | CVE-2017-15403 | Command Injection vulnerability in Google Chrome Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. | 7.3 |
| 2019-01-08 | CVE-2019-0541 | Command Injection vulnerability in Microsoft products A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. | 8.8 |
| 2019-01-03 | CVE-2018-17172 | Command Injection vulnerability in Xerox products The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. | 9.8 |
| 2018-12-06 | CVE-2018-19911 | Command Injection vulnerability in Freeswitch FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. | 7.5 |
| 2018-11-28 | CVE-2018-14746 | Command Injection vulnerability in Qnap QTS Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. | 9.8 |
| 2018-11-27 | CVE-2018-14893 | Command Injection vulnerability in Zyxel Nsa325 V2 Firmware 4.81 A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | 8.8 |
| 2018-10-24 | CVE-2016-10729 | Command Injection vulnerability in multiple products An issue was discovered in Amanda 3.3.1. | 7.8 |
| 2018-10-23 | CVE-2018-17445 | Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | 9.8 |
| 2018-10-09 | CVE-2018-14649 | Command Injection vulnerability in Redhat products It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. | 9.8 |