Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-26 | CVE-2021-45635 | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
| 2021-12-22 | CVE-2021-45459 | Command Injection vulnerability in Node-Windows Project Node-Windows lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. | 9.8 |
| 2021-12-21 | CVE-2021-27449 | Command Injection vulnerability in Mesalabs Amegaview Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server. | 8.8 |
| 2021-12-15 | CVE-2021-43113 | Command Injection vulnerability in multiple products iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | 9.8 |
| 2021-12-10 | CVE-2021-35978 | Command Injection vulnerability in Digi products An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. | 9.8 |
| 2021-12-07 | CVE-2021-42129 | Command Injection vulnerability in Ivanti Avalanche A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | 8.8 |
| 2021-12-07 | CVE-2021-42132 | Command Injection vulnerability in Ivanti Avalanche A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | 8.8 |
| 2021-12-06 | CVE-2021-43469 | Command Injection vulnerability in Vinga Wr-N300U Firmware 77.102.1.4853 VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. | 8.8 |
| 2021-11-30 | CVE-2021-43319 | Command Injection vulnerability in Zohocorp Manageengine Network Configuration Manager Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | 9.8 |
| 2021-11-23 | CVE-2021-37102 | Command Injection vulnerability in Huawei Fusioncompute There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. | 8.8 |