CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2020-12967
HIGH
AMD SEV/SEV-ES - Guest Code Execution by Malicious Hypervisor Admin
CVSS 7.2
CVE-2020-36198
MEDIUM
QNAP Malware Remover < 4.6.1.0 - Remote Command Injection
CVSS 6.7
CVE-2020-13664
HIGH
Drupal Core 8.8.0-8.8.7, 8.9.0, 9.0.0 - Remote Code Execution via Malicious Directory Creation
CVSS 8.8
CVE-2020-7034
HIGH
Avaya Session Border Controller for Enterprise 7.x-8.1.1.x - Authenticated OS Command Injection
CVSS 7.2
CVE-2020-2509
CRITICAL
KEV
QTS < 4.2.6 - OS Command Injection
CVSS 9.8
CVE-2020-27227
CRITICAL
OpenClinic GA 5.173.3 - Command Injection
CVSS 9.8
CVE-2020-25217
HIGH
Grandstream GRP261x Firmware 1.0.3.6 - Authenticated Command Injection
CVSS 7.2
CVE-2020-10580
HIGH
Invigo ADM <5.0 - Command Injection
CVSS 8.8
CVE-2020-8298
CRITICAL
fs-path <0.0.25 - Command Injection
CVSS 9.8
CVE-2020-10519
HIGH
GitHub Enterprise Server < 2.20.24 - Authenticated Remote Code Execution via GitHub Pages Configuration
CVSS 8.8
CVE-2020-28243
HIGH
SaltStack Salt < 3002.5 - Command Injection via Crafted Process Name
CVSS 7.8
CVE-2020-7848
HIGH
EFM ipTIME C200 - Command Injection
CVSS 8.0
CVE-2020-27867
MEDIUM
NETGEAR Multiple Routers - Authenticated Command Injection via funjsq_access_token
CVSS 6.8
CVE-2020-27864
HIGH
D-Link DAP-1860 Firmware < 1.04b03 - Unauthenticated Remote Code Execution via HNAP Authorization Header
CVSS 8.8
CVE-2020-27862
HIGH
D-Link DVA-2800 and DSL-2888A - Unauthenticated Remote Code Execution via dhttpd Path Parameter
CVSS 8.8
CVE-2020-13117
CRITICAL
Wavlink <2020-05-15 - Command Injection
CVSS 9.8
CVE-2020-2507
CRITICAL
QNAP Helpdesk < 3.0.3 - Remote Command Injection
CVSS 9.8
CVE-2020-8101
MEDIUM
ADT LifeShield DIY HD Video Doorbell <1.0.02R09 - Command Injection
CVSS 6.9
CVE-2020-4688
HIGH
IBM Security Guardium 10.6 and 11.2 - Command Injection
CVSS 7.8
CVE-2020-14102
HIGH
Xiaomi AX1800 and RM1800 Firmware < 1.0.336 and < 1.0.26 - Command Injection via DDNS Hostname Processing
CVSS 7.2
CVE-2020-2508
HIGH
QNAP QTS < 4.5.1.1456 and QuTS hero < h4.5.1.1472 - OS Command Injection
CVSS 7.2
CVE-2020-17504
HIGH
Barco TransForm N <3.8 - Command Injection
CVSS 7.2
CVE-2020-17503
HIGH
Barco TransForm N <3.8 - Command Injection
CVSS 7.2
CVE-2020-17502
HIGH
Barco TransForm N <3.8 - Command Injection
CVSS 7.2
CVE-2020-17500
CRITICAL
Barco TransForm <3.8 - Command Injection
CVSS 9.8
Details
Vulnerabilities
3,570
Exploit Likelihood
High