CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2023-35035
HIGH
Atos Unify OpenScape 4000 Assistant and Manager V10 R0 and R1 < V10 R1.42.0 - Authenticated Command Injection
CVSS 8.8
CVE-2023-35033
HIGH
Atos Unify OpenScape Assistant/Manager V10 R0/R1 < V10 R1.42.0 - Authenticated Command Injection
CVSS 8.8
CVE-2023-35032
HIGH
Atos Unify OpenScape 4000 Assistant and Manager V10 R1 < V10 R1.42.0 and V10 R1.34.8 - Authenticated Command Injection
CVSS 8.8
CVE-2023-35031
HIGH
Atos Unify OpenScape Assistant/Manager V10 R0/R1 < V10 R1.42.0 Authenticated Command Injection
CVSS 8.8
CVE-2023-25911
CRITICAL
Danfoss AK-EM100 Firmware < 2.2.0.12 - Authenticated OS Command Injection via Web Application Parameters
CVSS 9.9
CVE-2023-34233
HIGH
Snowflake Connector for Python < 3.0.2 - Remote Code Execution via SSO Browser URL Authentication
CVSS 8.8
CVE-2023-34232
HIGH
snowflake-connector-nodejs < 1.6.21 - Command Injection via SSO Browser URL Authentication
CVSS 7.3
CVE-2023-34230
HIGH
snowflake-connector-net < 2.0.18 - Remote Code Execution via SSO URL Authentication
CVSS 7.3
CVE-2023-34231
HIGH
gosnowflake < 1.6.19 - Remote Code Execution via SSO Browser URL Authentication
CVSS 8.8
CVE-2023-33556
CRITICAL
TOTOLink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2023-20889
HIGH
VMware Aria Operations for Networks 6.2.0-6.9.0 - Command Injection
CVSS 7.5
CVE-2023-20887
CRITICAL
KEV
VMware Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
CVSS 9.8
CVE-2023-33538
HIGH
KEV
TP-Link TL-WR940N TL-WR841N TL-WR740N - OS Command Injection via WlanNetworkRpm Endpoint
CVSS 8.8
CVE-2023-33782
HIGH
D-Link DIR-842V2 v1.0.3 - Command Injection
CVSS 8.8
CVE-2023-30400
CRITICAL
Anyka AK3918EV300 Firmware v18 - OS Command Injection via WiFi SSID or Password
CVSS 9.8
CVE-2023-34111
HIGH
tdengine/grafana < 2023-05-22 - Remote Code Execution via GitHub Workflow Command Injection
CVSS 8.1
CVE-2023-33533
HIGH
Netgear D6220 D8500 R6700 R6900 - Authenticated Command Injection via Web Management Post Request
CVSS 8.8
CVE-2023-33532
CRITICAL
Netgear R6250 <1.0.4.48 - Command Injection
CVSS 9.8
CVE-2023-31569
CRITICAL
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 9.8
CVE-2023-33530
HIGH
Tenda G103 Firmware V1.0.0.5 - Authenticated Command Injection
CVSS 8.8
CVE-2023-0636
HIGH
ABB ASPECT-Enterprise and NEXUS Series < 3.07.0 - OS Command Injection
CVSS 7.2
CVE-2023-23952
CRITICAL
Advanced Secure Gateway and Content Analysis <7.3.13.1/3.1.6.0 - Co...
CVSS 9.8
CVE-2023-33722
HIGH
EDIMAX BR-6288ACL v1.12 - Authenticated RCE
CVSS 8.8
CVE-2023-33487
CRITICAL
TOTOLINK X5000R - Command Injection
CVSS 9.8
CVE-2023-33486
CRITICAL
TOTOLINK X5000R - Command Injection
CVSS 9.8
Details
Vulnerabilities: 3,570
Exploit Likelihood: High