CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-24015 HIGH
FortiMail 5.4.0-5.4.11 - Authenticated OS Command Injection via HTTP Request
CVSS 7.2
CVE-2021-26106 HIGH
FortiAP 6.4.1-6.4.5 and 6.2.4-6.2.5 - Authenticated OS Command Injection via kdbg CLI Command
CVSS 7.8
CVE-2021-34616 MEDIUM
Aruba ClearPass Policy Manager < 6.6.10 - Remote Command Execution
CVSS 6.3
CVE-2021-34615 MEDIUM
Aruba ClearPass Policy Manager < 6.6.10 - Remote Command Execution
CVSS 6.3
CVE-2021-34613 MEDIUM
Aruba ClearPass Policy Manager < 6.6.10 - Remote Code Execution
CVSS 6.3
CVE-2021-34612 MEDIUM
Aruba ClearPass Policy Manager < 6.6.10 - Remote Code Execution
CVSS 6.3
CVE-2021-34614 MEDIUM
Aruba ClearPass Policy Manager < 6.6.10 - Remote Command Execution
CVSS 6.3
CVE-2021-34611 HIGH
Aruba ClearPass Policy Manager < 6.6.10 - Remote Command Execution
CVSS 7.2
CVE-2021-34610 HIGH
Aruba ClearPass Policy Manager < 6.6.10 - Remote Command Execution
CVSS 7.2
CVE-2021-32534 CRITICAL
QSAN SANOS < 2.1.0 - Unauthenticated OS Command Injection via Factory Reset Function
CVSS 9.8
CVE-2021-32533 CRITICAL
QSAN SANOS < 2.1.0 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2021-32531 CRITICAL
QSAN XEVO < 2.1.0 - Unauthenticated OS Command Injection in Init Function
CVSS 9.8
CVE-2021-32530 CRITICAL
QSAN XEVO < 1.2.0 - Unauthenticated OS Command Injection via Array Status Parameter
CVSS 9.8
CVE-2021-32524 CRITICAL
QSAN Storage Manager < 3.3.1 - Authenticated OS Command Injection
CVSS 9.1
CVE-2021-32513 CRITICAL
QSAN Storage Manager < 3.3.3 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2021-32512 CRITICAL
QSAN Storage Manager < 3.3.3 - Unauthenticated OS Command Injection via QuickInstall
CVSS 9.8
CVE-2021-20739 HIGH
Elecom WRC and WRH Routers - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2021-28804 CRITICAL
QNAP QTS < 4.5.1.1540 and QuTS hero < h4.5.1.1582 - OS Command Injection
CVSS 9.8
CVE-2021-28802 CRITICAL
QNAP QTS < 4.5.1.1540 and QuTS hero < h4.5.1.1582 - OS Command Injection
CVSS 9.8
CVE-2021-31838 HIGH
McAfee MVISION EDR < 3.4.0 - Authenticated OS Command Injection via Execute Reaction
CVSS 8.4
CVE-2021-23399 HIGH
wincred - OS Command Injection via getCredential Function
CVSS 7.3
CVE-2021-20745 HIGH
Inkdrop < 5.3.1 - OS Command Injection via Invalid Iframe in File or Code Snippet
CVSS 7.8
CVE-2021-20740 HIGH
Hitachi Virtual File Platform < 5.5.3-09, 6.4.3-09 - Command Injection
CVSS 8.8
CVE-2021-33534 HIGH
Weidmueller Industrial WLAN - Command Injection
CVSS 7.2
CVE-2021-33533 HIGH
Weidmueller Industrial WLAN - Command Injection
CVSS 8.8