Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2020-17759 | Command Injection vulnerability in Evernote 6.17.7/6.18 An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. | 8.8 |
| 2021-06-24 | CVE-2020-21785 | Command Injection vulnerability in Ibos 4.5.4 In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | 8.8 |
| 2021-06-08 | CVE-2021-28811 | Command Injection vulnerability in Roonlabs Roon Server 20210201 If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. | 7.2 |
| 2021-06-03 | CVE-2021-28812 | Command Injection vulnerability in Qnap Video Station A command injection vulnerability has been reported to affect certain versions of Video Station. | 8.8 |
| 2021-06-02 | CVE-2015-1877 | Command Injection vulnerability in multiple products The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | 8.8 |
| 2021-05-31 | CVE-2020-10666 | Command Injection vulnerability in Sangoma Restapps The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command. | 9.8 |
| 2021-05-27 | CVE-2020-15180 | Command Injection vulnerability in multiple products A flaw was found in the mysql-wsrep component of mariadb. | 9.0 |
| 2021-05-27 | CVE-2021-22899 | Command Injection vulnerability in Ivanti Connect Secure 9.0/9.1 A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | 8.8 |
| 2021-05-26 | CVE-2019-25029 | Command Injection vulnerability in Versa-Networks Versa Director In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. | 9.8 |
| 2021-05-24 | CVE-2020-28901 | Command Injection vulnerability in Nagios Fusion Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | 9.8 |