CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-29369 CRITICAL
gnuplot < 0.1.0 - OS Command Injection via Gnuplot Commands
CVSS 9.8
CVE-2021-21530 HIGH
Dell OpenManage Enterprise-Modular < 1.30.00 - Authenticated Privilege Escalation and Information Disclosure
CVSS 8.3
CVE-2021-21388 HIGH
systeminformation < 5.6.4 - OS Command Injection via Service Parameter Mishandling
CVSS 8.9
CVE-2021-1488 MEDIUM
Cisco ASA/Firepower Threat Defense OS Command Injection via Upgrade Package
CVSS 6.7
CVE-2021-1476 MEDIUM
Cisco Adaptive Security Appliance and Firepower Threat Defense - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2021-1448 HIGH
Cisco Firepower Threat Defense 6.4.0 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2021-30234 CRITICAL
China Mobile An Lianbao WF-1 <1.0.1 - Command Injection
CVSS 9.8
CVE-2021-30233 CRITICAL
China Mobile An Lianbao WF-1 <1.0.1 - Command Injection
CVSS 9.8
CVE-2021-30232 CRITICAL
China Mobile An Lianbao WF-1 <1.0.1 - Command Injection
CVSS 9.8
CVE-2021-30231 CRITICAL
China Mobile An Lianbao WF-1 <1.0.1 - Command Injection
CVSS 9.8
CVE-2021-30230 CRITICAL
China Mobile An Lianbao WF-1 <1.0.1 - Command Injection
CVSS 9.8
CVE-2021-30229 HIGH
China Mobile An Lianbao WF-1 <1.0.1 - Command Injection
CVSS 8.8
CVE-2021-30228 CRITICAL
China Mobile An Lianbao WF-1 <1.0.1 - Command Injection
CVSS 9.8
CVE-2021-29147 HIGH
Aruba ClearPass Policy Manager < 6.9.5, < 6.8.9, < 6.7.14-HF1 - Remote Code Execution
CVSS 8.8
CVE-2021-25167 HIGH
Aruba AirWave < 8.2.12.1 - Unauthenticated Remote Code Execution
CVSS 8.8
CVE-2021-25166 HIGH
Aruba AirWave < 8.2.12.1 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2021-21414 HIGH
Prisma < 2.20.0 - Remote Code Execution via getPackedPackage Function
CVSS 7.7
CVE-2021-30166 HIGH
Meritlilin IP Camera Firmware < 7.1.94.8908 - Authenticated OS Command Injection via NTP Server Configuration
CVSS 7.2
CVE-2021-30642 CRITICAL
Symantec Security Analytics 7.2-7.2.6 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2021-20711 CRITICAL
Aterm WG2600HS <Ver1.5.1 - Command Injection
CVSS 9.8
CVE-2021-20708 HIGH
NEC Aterm WF1200CR <1.3.2 WG1200CR <1.3.3 WG2600HS <1.5.1 - Authenticated OS Command Injection
CVSS 7.2
CVE-2021-20696 HIGH
DAP-1880AC <1.21 - Command Injection
CVSS 8.8
CVE-2021-31607 HIGH
SaltStack Salt 2016.9-3002.6 - OS Command Injection via Snapper Module
CVSS 7.8
CVE-2021-0265 HIGH
Juniper Networks AppFormix <3.1.22-3.3.0 - RCE
CVSS 8.1
CVE-2021-29465 HIGH
discord-recon < 0.0.4 - Remote Code Execution via File Overwrite
CVSS 8.3