CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,016 vulnerabilities with CWE-78
CVE-2022-4257
MEDIUM
C-DATA Web Management System - Argument Injection
CVSS 6.3
CVE-2022-4221
CRITICAL
ASUS NAS-M25 Firmware <= 1.0.1.7 - Unauthenticated OS Command Injection via Cookie
CVSS 9.8
CVE-2022-45045
HIGH
Xiongmaitech Mbd6304t - OS Command Injection
CVSS 8.8
CVE-2022-24441
MEDIUM
Snyk CLI < 1.1064.0 - Code Injection via Malicious Build File Analysis
CVSS 5.8
CVE-2022-22984
MEDIUM
Snyk CLI < 1.1064.0 - Command Injection via Crafted Command Line Flags
CVSS 5.0
CVE-2022-36962
HIGH
SolarWinds Orion Platform - OS Command Injection
CVSS 7.2
CVE-2022-45939
HIGH
GNU Emacs <= 28.2 - OS Command Injection via ctags Source-Code Filename
CVSS 7.8
CVE-2022-44844
CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via OpenVPN Pass Parameter
CVSS 9.8
CVE-2022-44843
CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via OpenVPN Client Port Parameter
CVSS 9.8
CVE-2022-44252
CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 - Command Injection
CVSS 9.8
CVE-2022-44251
CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 - Command Injection
CVSS 9.8
CVE-2022-44250
CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 - Command Injection
CVSS 9.8
CVE-2022-44249
CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 - Command Injection
CVSS 9.8
CVE-2022-41942
HIGH
Sourcegraph < 4.1.0 - OS Command Injection via Gitserver /list-gitolite Host Parameter
CVSS 7.9
CVE-2022-44808
CRITICAL
D-Link DIR-823G Firmware 1.02B03 - OS Command Injection via HNAP1 Request
CVSS 9.8
CVE-2022-44201
CRITICAL
D-Link DIR823G 1.02B05 - Command Injection
CVSS 9.8
CVE-2022-41131
HIGH
Apache Airflow <4.1.0, <2.3.0 - Command Injection
CVSS 7.8
CVE-2022-40954
MEDIUM
Apache Airflow <4.0.0, <2.3.0 - Command Injection
CVSS 5.5
CVE-2022-40189
CRITICAL
Apache Airflow < 2.3.0 - OS Command Injection via Pig Provider
CVSS 9.8
CVE-2022-38649
CRITICAL
Apache Airflow <4.0.0, <2.3.0 - Command Injection
CVSS 9.8
CVE-2022-45461
HIGH
Veritas NetBackup < 10.1 - Authenticated Remote Code Execution via Java Admin Console
CVSS 7.5
CVE-2022-20934
MEDIUM
Cisco Firepower Threat Defense and FXOS - Authenticated OS Command Injection via CLI
CVSS 6.0
CVE-2022-20926
MEDIUM
Cisco Firepower Management Center - Authenticated OS Command Injection via Web Management API
CVSS 6.3
CVE-2022-20925
MEDIUM
Cisco Firepower Management Center - Authenticated OS Command Injection via API Endpoint
CVSS 6.3
CVE-2022-42053
HIGH
Tenda W15E Firmware V15.11.0.10(1576) - OS Command Injection via PortMappingServer Parameter
CVSS 7.8
Details
Vulnerabilities: 6,016
Exploit Likelihood: High