CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2021-38520 MEDIUM
NETGEAR R6400/R6700/R6900/R7000P Firmware - Authenticated Command Injection
CVSS 6.6
CVE-2021-38519 MEDIUM
NETGEAR devices - Command Injection
CVSS 6.3
CVE-2021-38518 HIGH
NETGEAR RAX200/RAX75/RAX80 < 1.0.4.120 and RBK852/RBR850/RBS850 < 3.2.17.12 - Authenticated Command Injection
CVSS 8.4
CVE-2021-38373 MEDIUM
KDE KMail <19.12.3 - Info Disclosure
CVSS 5.3
CVE-2021-38372 LOW
KDE Trojita 0.7 - Man-in-the-Middle Folder Creation via Untagged IMAP Responses
CVSS 3.7
CVE-2021-38370 MEDIUM
Alpine < 2.25 - Command Injection via Untagged IMAP Responses Before STARTTLS
CVSS 5.9
CVE-2021-38189 CRITICAL
lettre < 0.9.6 - SMTP Command Injection via Message Body
CVSS 9.8
CVE-2021-38173 CRITICAL
btrbk < 0.31.2 - Remote Command Execution via SSH Filter Bypass
CVSS 9.8
CVE-2021-38169 HIGH
Roxy-WI <5.2.2.0 - Command Injection
CVSS 8.8
CVE-2021-36707 CRITICAL
ProLink PRC2402M Firmware < 1.0.18 - OS Command Injection via ledonoff led_cmd Parameter
CVSS 9.8
CVE-2021-21406 MEDIUM
Combodo iTop < 2.7.4 - Command Injection via Graphviz Executable Path
CVSS 5.8
CVE-2021-22867 MEDIUM
GitHub Enterprise Server < 2.22.17 - Authenticated Path Traversal via GitHub Pages Configuration
CVSS 6.5
CVE-2021-32529 CRITICAL
QSAN SANOS < 2.0.0 and XEVO < 1.2.0 - Unauthenticated Remote Command Execution
CVSS 9.8
CVE-2021-33515 MEDIUM
Dovecot <2.3.15 - Command Injection
CVSS 4.8
CVE-2021-34809 CRITICAL
Synology Download Station < 3.8.16-3566 - Authenticated Remote Code Execution via Task Management Component
CVSS 9.9
CVE-2021-28811 HIGH
Roon Server < 2021-05-18 - Remote Command Injection
CVSS 7.2
CVE-2021-20699 CRITICAL
Sharp NEC Displays <R1.300 - Path Traversal
CVSS 9.8
CVE-2021-32661 MEDIUM
@backstage/plugin-techdocs < 0.9.5 - Stored Cross-Site Scripting via Object Element Injection
CVSS 6.8
CVE-2021-32660 MEDIUM
@backstage/techdocs-common <0.6.4 - Info Disclosure
CVSS 6.8
CVE-2021-28812 HIGH
QNAP Video Station < 5.5.4 - Remote Command Injection
CVSS 8.8
CVE-2021-3515 MEDIUM
pglogical <2.3.4, <3.6.26 - Command Injection
CVSS 6.7
CVE-2021-22899 HIGH KEV
Pulse Connect Secure <9.1R11.4 - Command Injection
CVSS 8.8
CVE-2021-1560 MEDIUM
Cisco DNA Spaces Connector < 2.0.519 - Authenticated OS Command Injection
CVSS 6.5
CVE-2021-1555 MEDIUM
Cisco Small Business WAP125, WAP131, WAP150, WAP351, WAP361, WAP581 Firmware - Authenticated Command Injection
CVSS 4.7
CVE-2021-1554 MEDIUM
Cisco Small Business WAP125, WAP131, WAP150, WAP351, WAP361, WAP581 Firmware - Authenticated Command Injection
CVSS 4.7