CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,571 vulnerabilities with CWE-77
CVE-2019-16005 (HIGH, CVSS 7.2): Cisco Webex Video Mesh - Command Injection
CVE-2019-12629 (HIGH, CVSS 7.2): Cisco SD-WAN Firmware < 18.3.0 - Authenticated OS Command Injection via WebUI Username Field
CVE-2019-17361 (CRITICAL, CVSS 9.8): SaltStack Salt < 2019.2.0 - Unauthenticated Remote Code Execution via salt-api NET API
CVE-2019-15010 (HIGH, CVSS 8.8): Bitbucket 3.0.0-6.9.0 - Authenticated Remote Code Execution via User Input Fields
CVE-2019-17148 (HIGH, CVSS 7.8): Parallels Desktop 14.1.3 - Local Privilege Escalation via Parallels Service
CVE-2019-8255 (CRITICAL, CVSS 9.8): Brackets < 1.14 - Command Injection
CVE-2019-15575 (HIGH, CVSS 7.5): GitLab <12.3.2, <12.2.6, <12.1.12 - Command Injection via API Blobs Scope
CVE-2019-15595 (HIGH, CVSS 8.8): UniFi Video Controller <= 3.10.6 - Local Privilege Escalation via Command Injection
CVE-2019-18647 (HIGH, CVSS 7.2): Untangle NG <14.2.0 - Command Injection
CVE-2019-9467 (MEDIUM, CVSS 6.7): Android - Local Privilege Escalation via Bootloader Command Injection
CVE-2019-18780 (CRITICAL, CVSS 9.8): Veritas Cluster Server <6.2.1/Linux-UNIX - Command Injection
CVE-2019-15588 (HIGH, CVSS 7.2): Nexus Repository Manager <= 2.14.14 - OS Command Injection via CommandLineExecutor.java
CVE-2019-3421 (HIGH, CVSS 8.0): ZTE ZX297520V3 Firmware < 7520v3v1.0.0b09p27 - Unauthenticated Command Injection
CVE-2019-18188 (HIGH, CVSS 7.5): Trend Micro Apex One - Authenticated Command Injection via Zip File Extraction
CVE-2019-8088 (CRITICAL, CVSS 9.8): Adobe Experience Manager 6.2-6.5 - OS Command Injection
CVE-2019-15051 (HIGH, CVSS 8.8): Softing uaGate SI, MB, and 840D Firmware < 1.71.00.1225 - OS Command Injection via CGI Script Form Parameter
CVE-2019-1584 (CRITICAL, CVSS 9.8): Zingbox Inspector < 1.293 - Remote Code Execution via Malicious Cloud Command
CVE-2019-12736 (CRITICAL, CVSS 9.8): JetBrains Ktor < 1.1.5 - Command Injection via LDAP Username
CVE-2019-8073 (CRITICAL, CVSS 9.8): ColdFusion 2018 update 4 and earlier, ColdFusion 2016 update 11 and earlier - OS Command Injection
CVE-2019-11279 (HIGH, CVSS 8.8): CF UAA < 74.1.0 - Privilege Escalation via Scope Request Array
CVE-2019-11278 (HIGH, CVSS 8.8): CloudFoundry UAA < 74.1.0 - Privilege Escalation via SCIM Query Injection
CVE-2019-12661 (MEDIUM, CVSS 6.7): Cisco IOS XE - Authenticated OS Command Injection via VMAN CLI Command
CVE-2019-12651 (HIGH, CVSS 8.8): Cisco IOS XE - Authenticated Remote Command Execution via Web UI
CVE-2019-12650 (HIGH, CVSS 8.8): Cisco IOS XE - Authenticated OS Command Injection via Web UI
CVE-2019-13552 (HIGH, CVSS 8.8): WebAccess <8.4.1 - Command Injection