CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2022-45104 HIGH
Dell EMC VASA Provider vApp < 9.2.4.15 - Authenticated OS Command Injection
CVSS 8.8
CVE-2022-43550 CRITICAL
Jitsi <8aa7be58522f4264078d54752aae5483bfd854b2 - Command Injection
CVSS 9.8
CVE-2022-25855 HIGH
create-choo-app3 - OS Command Injection via devInstall Function
CVSS 7.4
CVE-2022-45095 MEDIUM
Dell PowerScale OneFS 9.1.0.0-9.1.0.25 - Authenticated Command Injection via Log Collection
CVSS 6.7
CVE-2022-25916 HIGH
mt7688-wiscan < 0.8.3 - OS Command Injection via wiscan.scan Function
CVSS 7.4
CVE-2022-21129 HIGH
nemo-appium < 0.0.9 - OS Command Injection via Improper Input Sanitization in module.exports.setup
CVSS 7.4
CVE-2022-25962 HIGH
vagrant.js - OS Command Injection via boxAdd Function
CVSS 7.4
CVE-2022-25908 HIGH
create-choo-electron - OS Command Injection via devInstall Function
CVSS 7.4
CVE-2022-25350 HIGH
puppet-facter - OS Command Injection via getFact Function
CVSS 7.4
CVE-2022-21810 HIGH
smartctl - OS Command Injection via Info Method
CVSS 7.4
CVE-2022-41955 HIGH
Autolab 2.0.2-2.9.9 - Authenticated Remote Code Execution via MOSS Functionality
CVSS 8.8
CVE-2022-21191 HIGH
global-modules-path < 3.0.0 - OS Command Injection via getPath Function
CVSS 7.4
CVE-2022-4616 HIGH
Delta DX-3021 <1.24 - Command Injection
CVSS 7.2
CVE-2022-45094 HIGH
SINEC INS < V1.0 SP2 Update 1 - Authenticated Remote Code Execution via DHCP Configuration Injection
CVSS 8.4
CVE-2022-39073 CRITICAL
ZTE MF286R Firmware - OS Command Injection
CVSS 9.8
CVE-2022-25923 HIGH
exec-local-bin < 1.2.0 - OS Command Injection via theProcess() Function
CVSS 7.4
CVE-2022-39088 MEDIUM
Network Service - Privilege Escalation
CVSS 6.7
CVE-2022-39087 MEDIUM
Network Service - Privilege Escalation
CVSS 6.7
CVE-2022-39086 MEDIUM
Network Service - Privilege Escalation
CVSS 6.7
CVE-2022-39085 MEDIUM
Network Service - Privilege Escalation
CVSS 6.7
CVE-2022-39084 MEDIUM
Network Service - Privilege Escalation
CVSS 6.7
CVE-2022-39083 MEDIUM
Network Service - Privilege Escalation
CVSS 6.7
CVE-2022-39082 MEDIUM
Network Service - Privilege Escalation
CVSS 6.7
CVE-2022-39081 MEDIUM
Network Service - Privilege Escalation
CVSS 6.7
CVE-2022-32665 CRITICAL
MediaTek LinkIt Software Development Kit < tlb7.3.258.100-p1-1555 - Unauthenticated Remote Command Injection in Boa
CVSS 9.8