CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,571 vulnerabilities with CWE-77
CVE-2018-0729 CRITICAL
QNAP Music Station < 5.3.5 - OS Command Injection
CVSS 9.8
CVE-2018-19031 HIGH
360 Safe Router P0-P4 V2.0.61.58897 - Authenticated Command Injection
CVSS 8.8
CVE-2018-16417 HIGH
Aruba Instant 4.x < 4.2.4.12, 6.5.x < 6.5.4.11, 8.3.x < 8.3.0.6, 8.4.x < 8.4.0.1 - Command Injection
CVSS 7.5
CVE-2018-19450 HIGH
Foxit Reader SDK 5.4.0.1031 - Command Injection
CVSS 7.8
CVE-2018-19445 HIGH
Foxit Reader SDK (ActiveX) Pro 5.4.0.1031 - Command Injection
CVSS 7.8
CVE-2018-19451 HIGH
Foxit Reader SDK (ActiveX) Pro 5.4.0.1031 - Command Injection
CVSS 7.8
CVE-2018-20523 MEDIUM
Xiaomi Stock Browser 10.2.4.g - Unauthenticated Information Disclosure via Content Provider Injection
CVSS 5.3
CVE-2018-7826 HIGH
Pelco Sarix Enhanced Camera - Command Injection
CVSS 8.8
CVE-2018-7825 HIGH
Pelco Sarix Enhanced Camera - Command Injection
CVSS 8.8
CVE-2018-3963 HIGH
CUJO Smart Firewall - OS Command Injection via DHCP Hostname
CVSS 8.0
CVE-2018-20236 HIGH
Sourcetree for Windows <3.0.10 - Command Injection
CVSS 8.8
CVE-2018-19015 HIGH
CX-Supervisor < 3.42 - OS Command Injection via Project File
CVSS 7.3
CVE-2018-19013 MEDIUM
CX-Supervisor < 3.42 - Command Injection via Crafted Project File
CVSS 5.0
CVE-2018-5412 HIGH
Imperva SecureSphere <12.0.0.50 - RCE
CVSS 7.8
CVE-2018-5403 HIGH
Imperva SecureSphere v13 - Remote Code Execution via Web Access Management Interface
CVSS 8.1
CVE-2018-17172 CRITICAL
Xerox AltaLink <100.008.028.05200 - Command Injection
CVSS 9.8
CVE-2018-19911 HIGH
FreeSWITCH < 1.8.2 - Remote Code Execution via mod_xml_rpc API
CVSS 7.5
CVE-2018-14746 CRITICAL
QNAP QTS <4.3.5-4.2.6 - Command Injection
CVSS 9.8
CVE-2018-14893 HIGH
ZyXEL NSA325 V2 <4.81 - Command Injection
CVSS 8.8
CVE-2018-16462 CRITICAL
apex-publish-static-files < 2.0.1 - OS Command Injection via Maliciously Crafted Argument
CVSS 10.0
CVE-2018-16461 CRITICAL
libnmap < 0.4.16 - OS Command Injection via Range Options
CVSS 9.8
CVE-2018-17445 CRITICAL
Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.0-9.3.5 - OS Command Injection
CVSS 9.8
CVE-2018-14649 CRITICAL
Red Hat Ceph Storage 2-3 - Privilege Escalation
CVSS 9.8
CVE-2018-0481 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 6.7
CVE-2018-0477 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via CLI Parser
CVSS 6.7