Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-0454 | Command Injection vulnerability in Cisco Cloud Services Platform 2100 Firmware 2.2(4) A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. | 8.8 |
| 2018-10-05 | CVE-2018-0431 | Command Injection vulnerability in Cisco Unified Computing System 2.0Base/3.0(3A)/3.1(3) A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. | 8.8 |
| 2018-10-05 | CVE-2018-0430 | Command Injection vulnerability in Cisco Unified Computing System 2.0Base/3.0(3A)/3.1(3) A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. | 8.8 |
| 2018-10-05 | CVE-2014-10075 | Command Injection vulnerability in Karo Project Karo 2.3.8 The karo gem 2.3.8 for Ruby allows Remote command injection via the host field. | 9.8 |
| 2018-09-18 | CVE-2018-1000802 | Command Injection vulnerability in multiple products Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. | 9.8 |
| 2018-09-14 | CVE-2018-0718 | Command Injection vulnerability in Qnap Music Station Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | 9.8 |
| 2018-09-07 | CVE-2016-9044 | Command Injection vulnerability in Informationbuilders Webfocus 8.1 An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . | 8.8 |
| 2018-08-17 | CVE-2018-15356 | Command Injection vulnerability in Eltex Esp-200 Firmware 1.2.0 An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0. | 8.8 |
| 2018-08-13 | CVE-2018-0714 | Command Injection vulnerability in Qnap Helpdesk Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | 9.8 |
| 2018-07-31 | CVE-2016-8628 | Command Injection vulnerability in Redhat Ansible Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. | 9.1 |