CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,011 vulnerabilities with CWE-78
CVE-2022-45639 HIGH
the_sleuth_kit 4.11.1 - OS Command Injection via m Parameter
CVSS 7.8
CVE-2022-37718 HIGH
EdgeNexus Application Delivery Controller 4.2.8 - OS Command Injection
CVSS 8.8
CVE-2022-48126 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via OpenVPN Cert Generation Username Parameter
CVSS 9.8
CVE-2022-48125 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via OpenVPN Cert Generation Password Parameter
CVSS 9.8
CVE-2022-48124 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via OpenVPN Cert Generation FileName Parameter
CVSS 9.8
CVE-2022-48123 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via servername Parameter
CVSS 9.8
CVE-2022-48122 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via dayvalid Parameter
CVSS 9.8
CVE-2022-48121 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via rsabits Parameter
CVSS 9.8
CVE-2022-20964 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via Web Management Interface
CVSS 6.3
CVE-2022-46476 CRITICAL
D-Link DIR-859 A1 1.05 - Command Injection
CVSS 9.8
CVE-2022-47911 CRITICAL
Sewio Real-Time Location System Studio 2.0.0-2.6.2 - OS Command Injection via Backup Service Module Name
CVSS 9.1
CVE-2022-43483 CRITICAL
Sewio Real-Time Location System Studio 2.0.0-2.6.2 - Remote Code Execution via Monitor Services Input Validation
CVSS 9.1
CVE-2022-2251 MEDIUM
GitLab Runner < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 - OS Command Injection via Branch Name
CVSS 4.8
CVE-2022-47853 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via HTTPD Service
CVSS 9.8
CVE-2022-41955 HIGH
Autolab 2.0.2-2.9.9 - Authenticated Remote Code Execution via MOSS Functionality
CVSS 8.8
CVE-2022-21191 HIGH
global-modules-path < 3.0.0 - OS Command Injection via getPath Function
CVSS 7.4
CVE-2022-42290 HIGH
NVIDIA DGX A100 Firmware < 00.19.07 - Authenticated OS Command Injection via SPX REST API
CVSS 7.2
CVE-2022-42289 HIGH
NVIDIA DGX A100 Firmware < 00.19.07 - Authenticated OS Command Injection via SPX REST API
CVSS 7.2
CVE-2022-42279 HIGH
NVIDIA DGX A100 Firmware < 00.19.07 - Authenticated OS Command Injection via SPX REST API
CVSS 7.2
CVE-2022-48252 CRITICAL
Pi.Alert - Remote Code Execution via nmap_scan.php Scan Parameter
CVSS 9.8
CVE-2022-43390 MEDIUM
Zyxel NR7101 <V1.15(ACCC.3)C0 - Command Injection
CVSS 5.4
CVE-2022-43973 HIGH
Linksys WRT54GL <=4.30.18.006 - RCE
CVSS 7.2
CVE-2022-43971 HIGH
Linksys WUMC710 Wireless-AC Universal Media Connector <=1.0.02 (bui...
CVSS 7.2
CVE-2022-36926 HIGH
Zoom Rooms < 5.11.3 - Local Privilege Escalation via OS Command Injection
CVSS 8.8
CVE-2022-25890 HIGH
wifey - OS Command Injection via connect() Function
CVSS 7.4