CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-3577 HIGH
Motorola-branded Binatone Hubble Cameras - RCE
CVSS 8.8
CVE-2021-41254 HIGH
kustomize-controller - Command Injection
CVSS 8.8
CVE-2021-3934 HIGH
oh_my_zsh < 2021-11-11 - OS Command Injection
CVSS 7.5
CVE-2021-3061 MEDIUM
Palo Alto Networks PAN-OS 8.1.0-8.1.19 and Prisma Access - Authenticated OS Command Injection via CLI
CVSS 6.4
CVE-2021-3060 HIGH
PAN-OS <8.1.20-h1, <9.0.14-h3, <9.1 - Code Injection
CVSS 8.1
CVE-2021-3059 HIGH
Palo Alto Networks PAN-OS 8.1 < 8.1.20 - OS Command Injection via Dynamic Updates
CVSS 8.1
CVE-2021-3058 HIGH
PAN-OS 8.1.0-8.1.19 - Authenticated OS Command Injection via XML API
CVSS 8.8
CVE-2021-39474 HIGH
ubeeinteractive UBC1319 Firmware 1319010201r009 - Authenticated OS Command Injection via ping.cmd
CVSS 7.2
CVE-2021-37158 HIGH
OpenGamePanel OGP-Agent-Linux < 2021-08-14 - Authenticated OS Command Injection via Counter-Strike Map Field
CVSS 8.8
CVE-2021-42372 HIGH
XoruX LPAR2RRD and STOR2RRD < 7.30 - Authenticated OS Command Injection via HW Events SNMP Community
CVSS 8.8
CVE-2021-41228 HIGH
TensorFlow 2.4.0-2.4.3, 2.5.0-2.5.1 - OS Command Injection via saved_model_cli eval
CVSS 7.5
CVE-2021-40120 MEDIUM
Cisco Small Business RV Series Routers - Authenticated OS Command Injection via Web Management Interface
CVSS 6.5
CVE-2021-40113 CRITICAL
Cisco Catalyst PON Series Switches ONT Firmware - Unauthenticated Improper Access Control
CVSS 10.0
CVE-2021-43266 HIGH
Mahara 20.04.0-20.04.4 - OS Command Injection via PDF Export Collection Name
CVSS 7.3
CVE-2021-36185 HIGH
Fortinet FortiWLM <8.6.1 - Code Injection
CVSS 8.8
CVE-2021-34756 MEDIUM
Cisco Firepower Management Center Virtual Appliance - Authenticated OS Command Injection
CVSS 6.7
CVE-2021-34755 MEDIUM
Cisco Firepower Management Center Virtual Appliance - Authenticated OS Command Injection
CVSS 6.7
CVE-2021-20837 CRITICAL
Movable Type < 1.46, 4.0-6.3.11, 6.5.0-6.8.2 - Remote Code Execution via XMLRPC API
CVSS 9.8
CVE-2021-38294 CRITICAL
Apache Storm <2.2.1, <1.2.4 - Command Injection
CVSS 9.8
CVE-2021-42538 HIGH
Emerson Wireless 1410/1410D/1420 Gateway Firmware < 4.7.94 - OS Command Injection via Passphrase Parameter
CVSS 8.0
CVE-2021-34362 HIGH
QNAP Media Streaming add-on < 500.0.0.3 - OS Command Injection
CVSS 8.7
CVE-2021-1529 HIGH
Cisco IOS XE SD-WAN - Authenticated OS Command Injection via System CLI
CVSS 7.8
CVE-2021-31358 HIGH
Juniper Junos OS Evolved - OS Command Injection via SFTP (Auth Required)
CVSS 7.8
CVE-2021-31357 HIGH
Juniper Junos OS Evolved - OS Command Injection via tcpdump
CVSS 7.8
CVE-2021-31356 HIGH
Juniper Junos OS Evolved < 20.4R3-S1-EVO - Authenticated Command Injection via CLI Bypass
CVSS 7.8