Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

command injection vulnerabilities and exploits

(subscribe to this query)

8.8
CVSSv3
CVE-2019-10854
Computrols CBAS 18.0.0 allows Authenticated Command Injection....
Computrols Computrols Building Automation Software
9.8
CVSSv3
CVE-2018-1002101
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection....
Kubernetes Kubernetes
8.8
CVSSv3
CVE-2019-13051
Pi-Hole 4.3 allows Command Injection....
Pi-hole Pi-hole 4.3
9.8
CVSSv3
CVE-2017-1000220
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution...
Pidusage Project Pidusage
9.8
CVSSv3
CVE-2021-46007
totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks....
Totolink Ar3100r Firmware 5.9c.4577
7.8
CVSSv3
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as...
Gnome EvinceDebian Debian Linux 8.0Debian Debian Linux 9.0Redhat Enterprise Linux Server Eus 7.6Redhat Enterprise Linux Server Eus 7.4Redhat Enterprise Linux Server Eus 7.5Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server Tus 7.4Redhat Enterprise Linux Server 7.5Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server 7.4Redhat Enterprise Linux Server 7.6
9.8
CVSSv3
CVE-2020-7624
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument....
Effect Project Effect
9.8
CVSSv3
CVE-2020-7623
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument....
Jscover Project Jscover
7.5
CVSSv3
CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine....
Gnu Bash 4.3
8.8
CVSSv3
CVE-2021-41552
CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection....
Commscope Arris Surfboard Sbg6950ac2 Firmware 9.1.103aa23Commscope Arris Surfboard Sbg7400ac2 Firmware -Commscope Arris Surfboard Sbg7580ac Firmware -Commscope Arris Surfboard Sbg7600ac2 Firmware -Commscope Arris Surfboard Sbg10 Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-3236CVE-2022-32781CVE-2022-32826IDORopen redirectCVE-2022-32849CVE-2022-26134CVE-2022-40667unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook