CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2022-26991
CRITICAL
Arris SBR-AC1900P/SBR-AC3200P/SBR-AC1200P OS Command Injection via NTP TimeZone
CVSS 9.8
CVE-2022-26990
CRITICAL
Arris routers <1.0.7-B05 - Command Injection
CVSS 9.8
CVE-2022-26214
CRITICAL
Totolink Multiple Routers OS Command Injection via NTPSyncWithHost host_time Parameter
CVSS 9.8
CVE-2022-26213
CRITICAL
Totolink X5000R_Firmware v9.1.0u.6118_B20201102 - Command Injection
CVSS 9.8
CVE-2022-26212
CRITICAL
Totolink <5.9c.5185 - Command Injection
CVSS 9.8
CVE-2022-26211
CRITICAL
Totolink Multiple Routers OS Command Injection via CloudACMunualUpdate
CVSS 9.8
CVE-2022-26210
CRITICAL
Totolink <various - Command Injection
CVSS 9.8
CVE-2022-26209
CRITICAL
Totolink - Command Injection
CVSS 9.8
CVE-2022-26208
CRITICAL
Totolink <5.9c.5185 - Command Injection
CVSS 9.8
CVE-2022-26207
CRITICAL
Totolink <5.9c.5185 - Command Injection
CVSS 9.8
CVE-2022-26206
CRITICAL
Totolink <5.9c.5185 - Command Injection
CVSS 9.8
CVE-2022-25621
CRITICAL
NEC UNIVERGE WA Series Firmware < 8.2.11 - Remote OS Command Injection
CVSS 9.8
CVE-2022-24193
CRITICAL
CasaOS < 0.2.7 - OS Command Injection
CVSS 9.8
CVE-2022-24753
HIGH
Stripe CLI < 1.7.13 - Command Injection
CVSS 7.7
CVE-2022-0848
CRITICAL
part-db < 0.5.11 - OS Command Injection
CVSS 9.8
CVE-2022-24725
MEDIUM
shescape 1.4.0-1.5.1 - Home Directory Exposure via Interpolation Option in Bash
CVSS 6.2
CVE-2022-0841
CRITICAL
npm-lockfile 2.0.3-2.0.4 - OS Command Injection
CVSS 9.8
CVE-2022-22301
HIGH
FortiAP-C <5.4.3, <5.2.1 - Command Injection
CVSS 7.8
CVE-2022-0764
MEDIUM
strapi/strapi <4.1.0 - Command Injection
CVSS 6.7
CVE-2022-25263
CRITICAL
JetBrains TeamCity < 2021.2.3 - OS Command Injection in Agent Push Feature
CVSS 9.8
CVE-2022-25064
CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 - Remote Code Execution via oal_wan6_setIpAddr Function
CVSS 9.8
CVE-2022-25061
CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 - OS Command Injection via oal_setIp6DefaultRoute
CVSS 9.8
CVE-2022-25060
CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 - OS Command Injection via oal_startPing
CVSS 9.8
CVE-2022-25328
MEDIUM
fscrypt < 0.3.3 - OS Command Injection via Bash Completion Script
CVSS 5.0
CVE-2022-24288
HIGH
Apache Airflow <2.2.4 - Command Injection
CVSS 8.8
Details
Vulnerabilities: 6,017
Exploit Likelihood: High