Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-15 | CVE-2021-43113 | Command Injection vulnerability in multiple products iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | 9.8 |
| 2021-12-10 | CVE-2021-35978 | Command Injection vulnerability in Digi products An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. | 9.8 |
| 2021-12-07 | CVE-2021-42129 | Command Injection vulnerability in Ivanti Avalanche A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | 8.8 |
| 2021-12-07 | CVE-2021-42132 | Command Injection vulnerability in Ivanti Avalanche A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | 8.8 |
| 2021-12-06 | CVE-2021-43469 | Command Injection vulnerability in Vinga Wr-N300U Firmware 77.102.1.4853 VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. | 8.8 |
| 2021-11-30 | CVE-2021-43319 | Command Injection vulnerability in Zohocorp Manageengine Network Configuration Manager Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | 9.8 |
| 2021-11-23 | CVE-2021-37102 | Command Injection vulnerability in Huawei Fusioncompute There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. | 8.8 |
| 2021-11-22 | CVE-2021-43557 | Command Injection vulnerability in Apache Apisix The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. | 7.5 |
| 2021-11-22 | CVE-2021-44079 | Command Injection vulnerability in Wazuh In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | 9.8 |
| 2021-11-16 | CVE-2021-26321 | Command Injection vulnerability in AMD products Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | 5.5 |