CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-3276 HIGH
Puppetlabs-mysql <13.0.0 - Command Injection
CVSS 8.4
CVE-2022-3275 HIGH
Puppetlabs-apt <9.0.0 - Command Injection
CVSS 8.4
CVE-2022-37893 HIGH
ArubaOS 10.3.0.0-10.3.1.0 and Aruba Instant 6.4.0.0-6.4.4.8-4.2.4.20 - Authenticated OS Command Injection
CVSS 7.8
CVE-2022-41525 CRITICAL
TOTOLINK NR1800X - Command Injection
CVSS 9.8
CVE-2022-41518 CRITICAL
TOTOLINK NR1800X - Command Injection
CVSS 9.8
CVE-2022-40764 HIGH
Snyk CLI < 1.996.0 - OS Command Injection via vendor.json ignore field
CVSS 7.8
CVE-2022-20930 MEDIUM
Cisco SD-WAN Software < 20.6.2 - Authenticated Arbitrary File Write via CLI Command Injection
CVSS 6.7
CVE-2022-20855 HIGH
Cisco IOS XE for Embedded Wireless Controllers - Authenticated OS Command Injection via Self-Healing Functionality
CVSS 7.9
CVE-2022-20851 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via Web UI API
CVSS 5.5
CVE-2022-40475 CRITICAL
TOTOLINK A860R V4.1.2cu.5182_B20201027 - OS Command Injection via downloadFile.cgi
CVSS 9.8
CVE-2022-40929 CRITICAL
XXL-JOB 2.2.0 - OS Command Injection in Background Tasks
CVSS 9.8
CVE-2022-28811 CRITICAL
Carlo Gavazzi UWP3.0 - Multiple Versions/CPY Car Park Server 2.8.3 ...
CVSS 9.8
CVE-2022-40785 HIGH
mIPC Camera Firmware 5.3.1.2003161406 - Remote Code Execution via Locale File Input
CVSS 8.8
CVE-2022-39224 HIGH
ruby-arr-pm < 0.0.12 - OS Command Injection via Malicious Payload Compressor Field
CVSS 7.0
CVE-2022-37882 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2022-37880 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2022-37878 HIGH
Aruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-38828 CRITICAL
TOTOLINK T6 V4.1.5cu.709_B20210518 - Command Injection
CVSS 9.8
CVE-2022-38826 CRITICAL
TOTOLINK T6 V4.1.5cu.709_B20210518 - Command Injection
CVSS 9.8
CVE-2022-38535 HIGH
TOTOLINK A720R Firmware v4.1.5cu.374 - Remote Code Execution via setTracerouteCfg Function
CVSS 7.2
CVE-2022-38534 HIGH
TOTOLINK A720R Firmware v4.1.5cu.374 - Remote Code Execution via setdiagnosicfg Function
CVSS 7.2
CVE-2022-38308 CRITICAL
TOTOLink A700RU 7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2022-39819 HIGH
NOKIA 1350 OMS R14.2 - Authenticated OS Command Injection
CVSS 8.8
CVE-2022-39815 CRITICAL
NOKIA 1350 OMS R14.2 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2022-36779 MEDIUM
Proscend M330-W/M330-W5/M350-5G/M350-W5G/M350-6/M350-W6/M301-G/M301-GW & ADVICE ICR-111WG - OS Command Injection
CVSS 6.5