Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-28 | CVE-2021-33515 | Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. | 4.8 |
| 2021-06-24 | CVE-2020-17759 | Command Injection vulnerability in Evernote 6.17.7/6.18 An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. | 6.8 |
| 2021-06-24 | CVE-2021-29703 | Command Injection vulnerability in IBM DB2 Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. | 5.0 |
| 2021-06-24 | CVE-2020-21785 | Command Injection vulnerability in Ibos 4.5.4 In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | 6.5 |
| 2021-06-18 | CVE-2021-34809 | Command Injection vulnerability in Synology Download Station Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 6.5 |
| 2021-06-08 | CVE-2021-28811 | Command Injection vulnerability in Roonlabs Roon Server If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. | 6.5 |
| 2021-06-03 | CVE-2021-28812 | Command Injection vulnerability in Qnap Video Station A command injection vulnerability has been reported to affect certain versions of Video Station. | 8.8 |
| 2021-06-02 | CVE-2015-1877 | Command Injection vulnerability in multiple products The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | 6.8 |
| 2021-05-31 | CVE-2020-10666 | Command Injection vulnerability in Sangoma Restapps The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. | 7.5 |
| 2021-05-27 | CVE-2020-15180 | Command Injection vulnerability in multiple products A flaw was found in the mysql-wsrep component of mariadb. | 9.0 |