CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2021-45514 CRITICAL
NETGEAR XR1000 Firmware < 1.0.0.58 - Unauthenticated Command Injection
CVSS 9.6
CVE-2021-45513 CRITICAL
NETGEAR XR1000 Firmware < 1.0.0.58 - Unauthenticated Command Injection
CVSS 9.6
CVE-2021-3621 HIGH
SSSD - OS Command Injection via sssctl logs-fetch and cache-expire Subcommands
CVSS 8.8
CVE-2021-45459 CRITICAL
node-windows < 1.0.0-beta.6 - Command Injection via PID Parameter
CVSS 9.8
CVE-2021-27449 CRITICAL
Mesa Labs AmegaView <3.0 - Command Injection
CVSS 9.9
CVE-2021-27447 CRITICAL
Mesa Labs AmegaView <3.0 - Command Injection
CVSS 10.0
CVE-2021-43113 CRITICAL
iTextPDF <7.1.17 - Command Injection
CVSS 9.8
CVE-2021-35978 CRITICAL
Digi TransPort DR64 SR44 VC74 WR - Remote Command Execution via ZING Protocol
CVSS 9.8
CVE-2021-42132 HIGH
Ivanti Avalanche < 6.3.3 - Authenticated Command Injection via Inforail Service
CVSS 8.8
CVE-2021-42129 HIGH
Ivanti Avalanche < 6.3.3 - Authenticated Command Injection via Inforail Service
CVSS 8.8
CVE-2021-43469 HIGH
VINGA WR-N300U 77.102.1.4853 - OS Command Injection in goahead Component
CVSS 8.8
CVE-2021-43319 CRITICAL
Zoho ManageEngine Network Config Mgr <125488 - Command Injection
CVSS 9.8
CVE-2021-37102 HIGH
FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0 - Command Injection in CMA Service Module
CVSS 8.8
CVE-2021-43557 HIGH
Apache APISIX < 2.10.2 - URI Blocklist Bypass via Unnormalized Request URI
CVSS 7.5
CVE-2021-44079 CRITICAL
Wazuh 4.2.0-4.2.4 - Remote Code Execution via wazuh-slack Active Response Script
CVSS 9.8
CVE-2021-26321 MEDIUM
AMD EPYC 7001 Series Firmware - Authenticated Denial of Service via SEV ID Command Validation
CVSS 5.5
CVE-2021-43339 HIGH
Ericsson Network Location <2021-07-31 - Command Injection
CVSS 8.8
CVE-2021-40345 HIGH
Nagios XI <5.8.5 - Command Injection
CVSS 7.2
CVE-2021-42538 HIGH
Emerson Wireless 1410/1410D/1420 Gateway Firmware < 4.7.94 - OS Command Injection via Passphrase Parameter
CVSS 8.0
CVE-2021-41744 CRITICAL
Yonyou UFIDA PLM - Unauthenticated Command Injection via JBoss Management Interface
CVSS 9.8
CVE-2021-34362 HIGH
QNAP Media Streaming add-on < 500.0.0.3 - OS Command Injection
CVSS 8.7
CVE-2021-41146 HIGH
qutebrowser 1.7.0-2.4.0 - Remote Code Execution via URL Handler Command Injection
CVSS 8.8
CVE-2021-42740 CRITICAL
shell-quote < 1.7.3 - Command Injection via Windows Drive Letter Regex
CVSS 9.8
CVE-2021-31358 HIGH
Juniper Junos OS Evolved OS Command Injection via SFTP (Auth Required)
CVSS 7.8
CVE-2021-31357 HIGH
Juniper Junos OS Evolved OS Command Injection via tcpdump
CVSS 7.8