CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2021-45844
HIGH
FreeCAD 0.19 - OS Command Injection via Crafted Filename
CVSS 7.8
CVE-2021-43589
MEDIUM
Dell EMC Unity <5.1.2.0.5.007 - Command Injection
CVSS 6.0
CVE-2021-44981
HIGH
QuickBox Pro <= 2.5.8 - Remote Code Execution via config.php GET Parameter
CVSS 8.8
CVE-2021-31854
HIGH
McAfee Agent < 5.7.5 - OS Command Injection via File Cleanup Execution
CVSS 7.7
CVE-2021-38965
HIGH
IBM FileNet Content Manager <5.5.8 - Command Injection
CVSS 8.8
CVE-2021-33827
HIGH
ownCloud files_antivirus < 1.0.0 - OS Command Injection via Administration Settings
CVSS 7.2
CVE-2021-33962
CRITICAL
China Mobile An Lianbao WF-1 v1.0.1 - OS Command Injection via Web Interface USB Device Pop
CVSS 9.8
CVE-2021-23154
MEDIUM
Lens < 5.3.3 - OS Command Injection via Helm Chart Configuration
CVSS 6.3
CVE-2021-43779
CRITICAL
GLPI addressing plugin < 2.9.1 - Authenticated Remote Code Execution via Command Injection
CVSS 9.9
CVE-2021-45912
HIGH
Controlup Real-Time Agent <8.5 - RCE
CVSS 7.8
CVE-2021-45979
HIGH
Foxit PDF Reader & Editor <11.1 (macOS) - RCE
CVSS 7.8
CVE-2021-45978
HIGH
Foxit PDF Reader & PDF Editor <11.1 - RCE
CVSS 7.8
CVE-2021-20173
HIGH
Netgear Nighthawk R6700 1.0.4.120 - OS Command Injection via SOAP Update Check
CVSS 8.8
CVE-2021-20160
HIGH
Trendnet TEW-827DRU 2.08B01 - OS Command Injection via SMB Username Parameter
CVSS 8.8
CVE-2021-20159
HIGH
Trendnet TEW-827DRU 2.08B01 - OS Command Injection via System Log Parameter
CVSS 8.8
CVE-2021-35032
MEDIUM
Zyxel GS1900 Series Firmware < 2.70 - Authenticated OS Command Injection via libsal.so
CVSS 6.4
CVE-2021-35031
MEDIUM
Zyxel GS1900 Series Firmware < 2.70 - Authenticated OS Command Injection via TFTP Client
CVSS 6.8
CVE-2021-43857
CRITICAL
Gerapy < 0.9.8 - Remote Code Execution
CVSS 9.8
CVE-2021-45602
MEDIUM
NETGEAR devices - Command Injection
CVSS 6.1
CVE-2021-3621
HIGH
SSSD - OS Command Injection via sssctl logs-fetch and cache-expire Subcommands
CVSS 8.8
CVE-2021-44453
CRITICAL
mySCADA myPRO < 8.20.0 - OS Command Injection via Debug Interface Ping Utility
CVSS 10.0
CVE-2021-43984
CRITICAL
mySCADA myPRO <8.20.0 - Command Injection
CVSS 10.0
CVE-2021-43981
CRITICAL
mySCADA myPRO <8.20.0 - Command Injection
CVSS 10.0
CVE-2021-3584
HIGH
Foreman - Remote Code Execution via Sendmail Configuration
CVSS 7.2
CVE-2021-23198
CRITICAL
mySCADA myPRO <8.20.0 - Command Injection
CVSS 10.0
Details
Vulnerabilities: 6,017
Exploit Likelihood: High