Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-08 | CVE-2020-36462 | Command Injection vulnerability in Syncpool Project Syncpool An issue was discovered in the syncpool crate before 0.1.6 for Rust. | 6.8 |
| 2021-08-08 | CVE-2020-36463 | Command Injection vulnerability in Multiqueue Project Multiqueue An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. | 6.8 |
| 2021-08-08 | CVE-2021-38189 | Command Injection vulnerability in Lettre 0.10.0 An issue was discovered in the lettre crate before 0.9.6 for Rust. | 7.5 |
| 2021-08-07 | CVE-2021-38173 | Command Injection vulnerability in multiple products Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. | 9.8 |
| 2021-08-07 | CVE-2021-38169 | Command Injection vulnerability in Roxy-Wi Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py. | 6.5 |
| 2021-08-06 | CVE-2021-36705 | Command Injection vulnerability in Prolink Prc2402M Firmware In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system. | 7.5 |
| 2021-08-06 | CVE-2021-36706 | Command Injection vulnerability in Prolink Prc2402M Firmware In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system. | 7.5 |
| 2021-08-06 | CVE-2021-36707 | Command Injection vulnerability in Prolink Prc2402M Firmware In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system. | 7.5 |
| 2021-07-30 | CVE-2021-30124 | Command Injection vulnerability in Vscode-PHPmd Project Vscode-PHPmd The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder. | 7.5 |
| 2021-07-23 | CVE-2021-23412 | Command Injection vulnerability in Gitlogplus Project Gitlogplus All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization. | 7.5 |