CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-28113 MEDIUM
Okta Access Gateway <2020.9.3 - Command Injection
CVSS 6.7
CVE-2021-29083 HIGH
Synology DiskStation Manager < 6.2.3-25426-3 - Authenticated Remote Code Execution via PPPoE Realname Parameter
CVSS 7.2
CVE-2021-23348 MEDIUM
portprocesses <1.0.5 - Code Injection
CVSS 6.3
CVE-2021-21412 MEDIUM
@thi.ng/egf < 0.4.0 - OS Command Injection via GPG-Tagged Property Values
CVSS 6.4
CVE-2021-23363 MEDIUM
kill-by-port < 0.0.2 - OS Command Injection via Unsanitized Input to killByPort Function
CVSS 6.3
CVE-2021-26810 CRITICAL
D-Link DIR-816 A2 v1.10 - OS Command Injection via statuscheckpppoeuser Parameter
CVSS 9.8
CVE-2021-25162 HIGH
Aruba Instant <=8.7.1.1 - Remote Code Execution
CVSS 8.1
CVE-2021-25150 HIGH
Aruba Instant <6.5.4.17, <8.3.0.13, <8.5.0.10, <8.6.0.4 - RCE
CVSS 8.8
CVE-2021-25146 HIGH
Aruba Instant - Remote Code Execution
CVSS 7.2
CVE-2021-27273 HIGH
NETGEAR ProSAFE Network Management System 1.6.0.26 - RCE
CVSS 8.8
CVE-2021-21372 HIGH
Nim < 1.2.10 - Remote Code Execution via Nimble doCmd Command Injection
CVSS 8.3
CVE-2021-20682 HIGH
baserCMS <4.4.5 - Command Injection
CVSS 7.2
CVE-2021-21386 CRITICAL
APKLeaks < 2.0.3 - OS Command Injection via Package Name in Application Manifest
CVSS 9.3
CVE-2021-1452 MEDIUM
Cisco IOS XE ROM Monitor < 7.0 - Unauthenticated OS Command Injection via ROMMON Variable
CVSS 6.8
CVE-2021-1443 MEDIUM
Cisco IOS XE - Authenticated Remote Code Execution via Configuration File Tampering
CVSS 5.5
CVE-2021-1441 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via Diagnostic Script Parameter Tampering
CVSS 6.7
CVE-2021-1384 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via Crafted IOx Application Package
CVSS 6.5
CVE-2021-1382 MEDIUM
Cisco IOS XE < 17.3.3 - Authenticated OS Command Injection via CLI
CVSS 6.0
CVE-2021-21345 MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
CVSS 5.8
CVE-2021-23360 HIGH
killport < 1.0.2 - OS Command Injection via Unsanitized Input to child_process exec
CVSS 7.5
CVE-2021-28961 HIGH
OpenWrt 19.07 - Authenticated OS Command Injection via DDNS POST Request
CVSS 8.8
CVE-2021-23359 HIGH
port-killer - OS Command Injection via Unsanitized Input to child_process exec
CVSS 7.5
CVE-2021-23356 MEDIUM
kill-process-by-name - OS Command Injection via Unsanitized Input to child_process exec
CVSS 5.6
CVE-2021-23355 MEDIUM
ps-kill - OS Command Injection via Unsanitized Input to kill Function
CVSS 5.6
CVE-2021-20017 HIGH
SonicWall SMA100 < 10.2.0.5 - Authenticated OS Command Injection
CVSS 8.8