CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,571 vulnerabilities with CWE-77
CVE-2017-12075 HIGH
Synology DSM <6.2-23739 - Command Injection
CVSS 7.2
CVE-2017-16100 CRITICAL
dns-sync < 0.1.1 - OS Command Injection via resolve() Method
CVSS 9.8
CVE-2017-2833 HIGH
Foscam C1 Indoor HD Camera 2.52.2.37 - Command Injection via Web Management Interface
CVSS 7.5
CVE-2017-2832 HIGH
Foscam C1 Indoor HD Camera 2.52.2.37 - OS Command Injection via Password Change
CVSS 7.2
CVE-2017-7161 HIGH
Safari < 11.0.2 - Remote Code Execution via WebKit Web Inspector
CVSS 8.8
CVE-2017-0916 CRITICAL
GitLab 8.8.0-10.1.5 - Remote Code Execution via Web Hook Input Validation Bypass
CVSS 9.8
CVE-2017-0915 CRITICAL
GitLab 8.9.0-9.5.9 - Remote Code Execution via GitlabProjectsImportService Input Validation
CVSS 9.8
CVE-2017-1720 MEDIUM
IBM Notes 8.5 and 9.0 - OS Command Injection via Shared Memory IPC
CVSS 5.3
CVE-2017-14593 HIGH
Sourcetree for Windows <2.4.7.0 - Command Injection
CVSS 8.8
CVE-2017-14592 HIGH
Sourcetree for macOS <2.7.0 - Command Injection
CVSS 8.8
CVE-2017-15940 CRITICAL
PAN-OS < 6.1.19, 7.0.x < 7.0.19, 7.1.x < 7.1.14, 8.0.x < 8.0.6 - Authenticated RCE via Web Interface
CVSS 9.8
CVE-2017-15889 HIGH
Synology DiskStation Manager < 5.2-5967-5 - Authenticated Command Injection via smart.cgi Disk Field
CVSS 8.8
CVE-2017-12352 MEDIUM
Cisco Application Policy Infrastructure Controller - Authenticated Command Injection via System Script Files
CVSS 6.7
CVE-2017-12341 MEDIUM
Cisco NX-OS System Software - Command Injection
CVSS 6.7
CVE-2017-12339 MEDIUM
Cisco NX-OS System Software - Command Injection
CVSS 5.7
CVE-2017-12335 MEDIUM
Cisco NX-OS System Software - Command Injection
CVSS 6.3
CVE-2017-12330 MEDIUM
Cisco NX-OS System Software - Command Injection
CVSS 6.3
CVE-2017-12329 MEDIUM
Cisco Firepower FXOS/NX-OS - Command Injection
CVSS 6.3
CVE-2017-8197 HIGH
FusionSphere V100R006C00SPC102(NFV) - Authenticated Command Injection
CVSS 7.2
CVE-2017-8193 HIGH
FusionSphere OpenStack V100R006C00SPC102(NFV) - Authenticated Command Injection
CVSS 8.0
CVE-2017-8188 HIGH
FusionSphere OpenStack V100R006C00SPC102(NFV) - Authenticated Command Injection
CVSS 7.2
CVE-2017-8135 HIGH
FusionSphere OpenStack V100R006C00 and V100R006C10 - Unauthenticated Command Injection via TCP Listening Ports
CVSS 8.8
CVE-2017-8134 HIGH
FusionSphere OpenStack V100R006C00 and V100R006C10 - Unauthenticated Command Injection via TCP Listening Ports
CVSS 8.8
CVE-2017-8133 HIGH
Huawei iManager NetEco V600R008C00 and V600R008C10 - Authenticated Command Injection
CVSS 8.8
CVE-2017-8132 HIGH
FusionSphere OpenStack V100R006C00 and V100R006C10 - Unauthenticated Command Injection via TCP Listening Ports
CVSS 8.8