CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,016 vulnerabilities with CWE-78
CVE-2022-37901 HIGH
ArubaOS 6.5.4.0-6.5.4.22 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.6 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-37900 HIGH
ArubaOS 6.5.4.0-6.5.4.22 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.6 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-37899 HIGH
ArubaOS SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.6 and ArubaOS 6.5.4.0-6.5.4.22 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-37898 HIGH
ArubaOS and SD-WAN - Authenticated OS Command Injection via Command Line Interface
CVSS 7.2
CVE-2022-37897 CRITICAL
Aruba SD-WAN 8.7.0.0-2.3.0.5 & ArubaOS 6.5.4.0-6.5.4.21 - RCE via PAPI UDP Port
CVSS 9.8
CVE-2022-45145 CRITICAL
CHICKEN 5.0.0-5.3.0 - OS Command Injection via .egg File Escape Characters
CVSS 9.8
CVE-2022-33186 CRITICAL
Brocade Fabric OS v9.1.1 v9.0.1e v8.2.3c v7.4.2j and earlier - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2022-45506 CRITICAL
Tenda W30E v1.0.1.25(633) - OS Command Injection via fileNameMit Parameter
CVSS 9.8
CVE-2022-45497 CRITICAL
Tenda W6-S v1.0.0.4(510) - OS Command Injection via tpi_get_ping_output Function
CVSS 9.8
CVE-2022-4364 HIGH
Teledyne FLIR AX8 <1.46.16 - Command Injection
CVSS 7.3
CVE-2022-44606 HIGH
UDR-JA1604/UDR-JA1608/UDR-JA1616 Firmware < 71x10.1.107114.43a - Authenticated OS Command Injection
CVSS 8.8
CVE-2022-43464 HIGH
UDR-JA16xx <71x10.1.107112.43A - Command Injection
CVSS 8.8
CVE-2022-45026 CRITICAL
Markdown Preview Enhanced 0.6.5 and 0.19.6 - OS Command Injection during GFM Export
CVSS 9.8
CVE-2022-45025 CRITICAL
Markdown Preview Enhanced - OS Command Injection via PDF File Import
CVSS 9.8
CVE-2022-45915 HIGH
ILIAS < 7.16 - OS Command Injection
CVSS 8.8
CVE-2022-43867 HIGH
IBM Spectrum Scale <5.1.4.1 - Command Injection
CVSS 7.8
CVE-2022-25912 HIGH
simple-git < 3.15.0 - Remote Code Execution via Ext Transport Protocol in Clone Method
CVSS 8.1
CVE-2022-43548 HIGH
Node.js <14.21.1, <16.18.1, <18.12.1, <19.0.1 - Command Injection
CVSS 8.1
CVE-2022-46169 CRITICAL KEV
Cacti 1.2.22 unauthenticated command injection
CVSS 9.8
CVE-2022-42496 CRITICAL
nadesiko3 < 3.3.74 - OS Command Injection in Nako3edit
CVSS 9.8
CVE-2022-41642 CRITICAL
Nadesiko3 PC <3.3.61 - Command Injection
CVSS 9.8
CVE-2022-44930 CRITICAL
D-Link DHP-W310AV 3.10EU - OS Command Injection via System Checks Function
CVSS 9.8
CVE-2022-44928 CRITICAL
D-Link DVG-G5402SP GE_1.03 - OS Command Injection via Maintenance Function
CVSS 9.8
CVE-2022-43325 CRITICAL
Telos Alliance Omnia MPX Node <1.4. - Command Injection
CVSS 9.8
CVE-2022-3226 HIGH
Sophos Firewall <19.5 GA - Command Injection
CVSS 7.2