CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-33525 HIGH
eyesofnetwork < 5.3-11 - Authenticated Remote Command Execution via Nagios Path Parameter
CVSS 8.8
CVE-2021-29300 CRITICAL
@ronomon/opened < 1.5.2 - OS Command Injection via Untrusted Input
CVSS 9.8
CVE-2021-20557 HIGH
IBM Security Guardium 11.2 - Command Injection
CVSS 7.2
CVE-2021-1560 MEDIUM
Cisco DNA Spaces Connector < 2.0.519 - Authenticated OS Command Injection
CVSS 6.5
CVE-2021-1559 MEDIUM
Cisco DNA Spaces Connector < 2.0.519 - Authenticated OS Command Injection
CVSS 6.5
CVE-2021-1558 MEDIUM
Cisco DNA Spaces Connector < 2.3.1 - Authenticated Privilege Escalation and OS Command Injection via CLI Commands
CVSS 6.0
CVE-2021-1557 MEDIUM
Cisco DNA Spaces Connector < 2.3.1 - Authenticated Privilege Escalation and OS Command Execution via CLI Commands
CVSS 6.0
CVE-2021-1487 HIGH
Cisco Prime Infrastructure & EPNM - Authenticated RCE via Web Interface
CVSS 8.8
CVE-2021-33514 HIGH
NETGEAR devices - Command Injection
CVSS 8.8
CVE-2021-20719 MEDIUM
RFNTPS < System_01000004 & Web_01000004 - Command Injection
CVSS 6.8
CVE-2021-31324 CRITICAL
Control WebPanel - Unauthenticated OS Command Injection via ID Session Parameter
CVSS 9.8
CVE-2021-32305 CRITICAL
WebSVN < 2.6.1 - Remote Code Execution via Search Parameter
CVSS 9.8
CVE-2021-32605 CRITICAL
zzzphp < 2.0.4 - OS Command Injection via Keys Parameter
CVSS 9.8
CVE-2021-31915 CRITICAL
JetBrains TeamCity < 2020.2.4 - OS Command Injection
CVSS 9.8
CVE-2021-23012 HIGH
BIG-IP 13.1.0-13.1.3, 14.1.0-14.1.3, 15.1.0-15.1.2, 16.0.0-16.0.1 - OS Command Injection via System Support
CVSS 8.2
CVE-2021-32090 CRITICAL
LocalStack < 0.12.10 - OS Command Injection via Dashboard functionName Parameter
CVSS 9.8
CVE-2021-28151 HIGH
Hongdian H8922 3.0.5 - Remote Command Injection
CVSS 8.8
CVE-2021-26543 HIGH
Wayfair git-parse <= 1.0.4 - OS Command Injection via gitDiff Function
CVSS 8.8
CVE-2021-21550 MEDIUM
Dell EMC PowerScale OneFS 8.1.0-9.1.0 - Authenticated Privilege Escalation via OS Command Injection
CVSS 6.0
CVE-2021-21527 MEDIUM
Dell PowerScale OneFS 8.1.0-9.1.0 - Authenticated Privilege Escalation via OS Command Injection
CVSS 6.0
CVE-2021-1514 HIGH
Cisco SD-WAN Software - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2021-1498 CRITICAL KEV
Cisco HyperFlex HX Data Platform < 4.0(2e) - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2021-1497 CRITICAL KEV
Cisco HyperFlex HX Data Platform < 4.0(2e) - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2021-1421 HIGH
Cisco Enterprise NFV Infrastructure Software < 4.5.1 - Authenticated OS Command Injection via Configuration Command
CVSS 7.8
CVE-2021-1401 HIGH
Cisco Small Business WAP125, WAP131, WAP150, WAP351, WAP361, WAP581 Firmware - Authenticated OS Command Injection
CVSS 8.8