CWE-78
High likelihoodImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2022-24405
CRITICAL
OX App Suite <7.10.6 - Code Injection
CVSS 9.8
CVE-2022-23100
CRITICAL
OX App Suite <= 7.10.6 - OS Command Injection via Documentconverter
CVSS 9.8
CVE-2022-20910
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution and Denial of Service via HTTP Packet User Field
CVSS 4.7
CVE-2022-20888
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field Injection
CVSS 4.7
CVE-2022-20887
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field
CVSS 4.7
CVE-2022-20886
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution and Denial of Service via HTTP Packet User Field
CVSS 4.7
CVE-2022-20885
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field Injection
CVSS 4.7
CVE-2022-20884
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field
CVSS 4.7
CVE-2022-20883
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field
CVSS 4.7
CVE-2022-20882
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field Injection
CVSS 4.7
CVE-2022-20881
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field Injection
CVSS 4.7
CVE-2022-33923
MEDIUM
Dell PowerStore <3.0.0.0 - Command Injection
CVSS 6.4
CVE-2022-22555
MEDIUM
Dell EMC PowerStore - Command Injection
CVSS 6.0
CVE-2022-20880
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field
CVSS 4.7
CVE-2022-20879
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field Injection
CVSS 4.7
CVE-2022-20878
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution and Denial of Service via HTTP Packet User Field
CVSS 4.7
CVE-2022-20877
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field Injection
CVSS 4.7
CVE-2022-20876
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field
CVSS 4.7
CVE-2022-20875
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution via HTTP Packet User Field Injection
CVSS 4.7
CVE-2022-20874
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution and Denial of Service via HTTP Packet User Field
CVSS 4.7
CVE-2022-20873
MEDIUM
Cisco RV110W RV130 RV130W RV215W - Authenticated Remote Code Execution and Denial of Service via HTTP Packet User Field
CVSS 4.7
CVE-2022-2488
HIGH
WAVLINK WN535K2 and WN535K3 - OS Command Injection via touchlist_sync.cgi IP Parameter
CVSS 8.0
CVE-2022-2487
HIGH
WAVLINK WN535K2 and WN535K3 - OS Command Injection via nightled.cgi start_hour Parameter
CVSS 8.0
CVE-2022-2486
HIGH
WAVLINK WN535K2 and WN535K3 - OS Command Injection via mesh.cgi Upgrade Key Parameter
CVSS 8.0
CVE-2022-34540
HIGH
Digital Watchdog MEGApix IP Cameras A7.2.2_20211029 - OS Command Injection via /admin/vca/license/license_tok.cgi
CVSS 8.8
Details
Vulnerabilities
6,017
Exploit Likelihood
High