Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-04-11 | CVE-2016-4446 | Command Injection vulnerability in multiple products | The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function. | local | high | setroubleshoot-project, redhat | CWE-77 | 7.0 |
| 2017-04-11 | CVE-2016-4445 | Command Injection vulnerability in multiple products | The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function. | local | high | setroubleshoot-project, redhat | CWE-77 | 7.0 |
| 2017-04-11 | CVE-2016-4444 | Command Injection vulnerability in multiple products | The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. | local | high | setroubleshoot-project, redhat | CWE-77 | 7.0 |
| 2017-04-10 | CVE-2016-10322 | Command Injection vulnerability in Synology Photo Station | Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | network | low | synology | CWE-77 | 8.8 |
| 2017-04-10 | CVE-2016-6534 | Command Injection vulnerability in Opmantek Network Management Information System 4.3.6F/8.5.10G | Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. | network | high | opmantek | CWE-77 | 7.5 |
| 2017-04-10 | CVE-2016-5067 | Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | network | low | sierrawireless | CWE-77 | 8.8 |
| 2017-04-10 | CVE-2016-5065 | Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | network | low | sierrawireless | CWE-77 | critical 9.8 |
| 2017-04-03 | CVE-2016-10312 | Command Injection vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. | network | low | jensenofscandinavia | CWE-77 | critical 9.8 |
| 2017-04-02 | CVE-2016-8801 | Command Injection vulnerability in Huawei Oceanstor 5600 V3 Firmware V300R003C00/V300R003C00C10 | Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. | network | low | huawei | CWE-77 | 7.2 |
| 2017-03-31 | CVE-2014-9114 | Command Injection vulnerability in multiple products | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | local | low | opensuse, fedoraproject, kernel | CWE-77 | 7.8 |