CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,572 vulnerabilities with CWE-77
CVE-2016-0324
HIGH
IBM Security Identity Manager Virtual Appliance <7.0.1.0 - RCE
CVSS 8.8
CVE-2016-4922
HIGH
Junos OS - Authenticated Command Injection via CLI Commands
CVSS 8.4
CVE-2016-6655
CRITICAL
Cloud Foundry Foundation <v245 - Command Injection
CVSS 9.8
CVE-2016-10329
CRITICAL
Synology Photo Station < 6.5.3-3226 - Remote Code Execution via X-Forwarded-For Header
CVSS 9.8
CVE-2016-1555
CRITICAL
KEV
Netgear Devices Unauthenticated Remote Command Execution
CVSS 9.8
CVE-2016-4989
HIGH
setroubleshoot - Command Injection via Crafted File Name or XML Document
CVSS 7.0
CVE-2016-4446
HIGH
setroubleshoot - Command Injection via Crafted Filename in allow_execstack Plugin
CVSS 7.0
CVE-2016-4445
HIGH
setroubleshoot <3.2.23 - Privilege Escalation
CVSS 7.0
CVE-2016-4444
HIGH
setroubleshoot <3.2.23 - Command Injection
CVSS 7.0
CVE-2016-10322
HIGH
Synology Photo Station < 6.3-2954 - Authenticated Command Injection via X-Forwarded-For Header
CVSS 8.8
CVE-2016-6534
HIGH
Opmantek NMIS <4.3.7c - Command Injection
CVSS 7.5
CVE-2016-5067
HIGH
Sierra Wireless GX 440 ALEOS Firmware 4.3.2 - Command Injection via Hayes AT Command
CVSS 8.8
CVE-2016-5065
CRITICAL
Sierra Wireless GX 440 ALEOS Firmware 4.3.2 - OS Command Injection via Embedded_Ace_Set_Task.cgi
CVSS 9.8
CVE-2016-10312
CRITICAL
Jensenofscandinavia Al3g Firmware - Command Injection
CVSS 9.8
CVE-2016-8801
HIGH
Huawei OceanStor 5600 V3 <V300R003C00C10 - Command Injection
CVSS 7.2
CVE-2016-4929
HIGH
Junos Space < 15.2 - Remote Code Execution
CVSS 8.8
CVE-2016-10194
CRITICAL
festivaltts4r - Remote Code Execution via Shell Metacharacters in to_speech or to_mp3 Methods
CVSS 9.8
CVE-2016-9684
CRITICAL
SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection via viewcert CGI
CVSS 9.8
CVE-2016-9683
CRITICAL
SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection
CVSS 9.8
CVE-2016-9682
CRITICAL
SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection via Diagnostics CGI
CVSS 9.8
CVE-2016-9337
MEDIUM
Tesla Motors Model S <7.1 (2.36.31) - Command Injection
CVSS 6.8
CVE-2016-10098
CRITICAL
SendQuick Entera/Avera <2HF16 - Command Injection
CVSS 9.8
CVE-2016-9873
MEDIUM
EMC Documentum D2 4.5 and 4.6 - Authenticated DQL Injection
CVSS 6.3
CVE-2016-6649
MEDIUM
EMC RecoverPoint <4.4.1.1-5.0 - Command Injection
CVSS 6.7
CVE-2016-0396
HIGH
IBM Tivoli Endpoint Manager - Privilege Escalation
CVSS 8.1
Details
Vulnerabilities: 3,572
Exploit Likelihood: High