Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-20 | CVE-2018-5428 | Command Injection vulnerability in Tibco Data Virtualization 7.0.5/7.0.6 The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. | 8.8 |
| 2018-06-08 | CVE-2014-5220 | Command Injection vulnerability in multiple products The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | 7.8 |
| 2018-06-08 | CVE-2017-12078 | Command Injection vulnerability in Synology Router Manager Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. | 7.2 |
| 2018-06-08 | CVE-2017-12075 | Command Injection vulnerability in Synology Diskstation Manager Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. | 7.2 |
| 2018-06-07 | CVE-2017-16100 | Command Injection vulnerability in Dns-Sync Project Dns-Sync 0.1.0/0.1.1 dns-sync is a sync/blocking dns resolver. | 9.8 |
| 2018-05-29 | CVE-2016-7076 | Command Injection vulnerability in Sudo Project Sudo sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. | 7.8 |
| 2018-05-17 | CVE-2018-1111 | Command Injection vulnerability in multiple products DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. | 7.5 |
| 2018-04-25 | CVE-2014-5014 | Command Injection vulnerability in Tinywebgallery Wordpress Flash Uploader The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | 9.8 |
| 2018-04-24 | CVE-2017-2833 | Command Injection vulnerability in Foscam C1 Firmware 2.52.2.37 An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. | 7.5 |
| 2018-04-24 | CVE-2017-2832 | Command Injection vulnerability in Foscam C1 Firmware 2.52.2.37 An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. | 7.2 |