CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2021-20074
HIGH
Racom MIDGE Firmware 4.4.40.105 - OS Command Injection
CVSS 8.8
CVE-2021-21315
HIGH
KEV
systeminformation < 5.3.1 - OS Command Injection via Service Parameter Handling
CVSS 7.1
CVE-2021-27201
HIGH
Endian Firewall Community 3.3.2 - Authenticated OS Command Injection via Backup Comment
CVSS 8.8
CVE-2021-25298
HIGH
KEV
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Execution
CVSS 8.8
CVE-2021-25297
HIGH
KEV
Nagios XI xi-5.7.5 - Command Injection
CVSS 8.8
CVE-2021-26752
HIGH
NeDi 1.9C - Authenticated OS Command Injection via Nodes Traffic md or ag Parameter
CVSS 8.8
CVE-2021-20648
MEDIUM
ELECOM WRC-300FEBK-S - Command Injection
CVSS 6.8
CVE-2021-20639
MEDIUM
LOGITEC LAN-W300N/PGRB - Command Injection
CVSS 6.8
CVE-2021-20638
MEDIUM
LOGITEC LAN-W300N/PGRB - Command Injection
CVSS 6.8
CVE-2021-21976
HIGH
vSphere Replication 6.5.0-6.5.1.5 - Authenticated Remote Code Execution via Command Injection
CVSS 7.2
CVE-2021-21018
CRITICAL
Magento <2.4.1-2.3.6 - Command Injection
CVSS 9.1
CVE-2021-21016
CRITICAL
Magento <2.4.1-2.3.6 - Command Injection
CVSS 9.1
CVE-2021-21015
HIGH
Magento <2.4.1-2.3.6 - Command Injection
CVSS 8.0
CVE-2021-22502
CRITICAL
KEV
Micro Focus Operation Bridge Reporter <10.40 - RCE
CVSS 9.8
CVE-2021-26541
CRITICAL
gitlog < 4.0.4 - OS Command Injection via gitlog Function
CVSS 9.8
CVE-2021-3122
CRITICAL
NCR Command Center Agent 16.3 - Unauthenticated Remote Code Execution via runCommand Parameter
CVSS 9.8
CVE-2021-1370
HIGH
Cisco IOS XR < 7.0.12 - Authenticated Privilege Escalation via CLI Command Injection
CVSS 7.8
CVE-2021-1318
HIGH
Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 Routers - Authenticated OS Command Injection
CVSS 7.2
CVE-2021-1317
HIGH
Cisco RV016, RV042, RV042G, RV082, RV320, RV325 Routers - Authenticated RCE via Web Interface
CVSS 7.2
CVE-2021-1316
HIGH
Cisco Small Business RV Series Routers - Authenticated OS Command Injection via Web Management Interface
CVSS 7.2
CVE-2021-1315
HIGH
Cisco RV016, RV042, RV042G, RV082, RV320, RV325 Routers - Authenticated RCE via Web Interface
CVSS 7.2
CVE-2021-1314
HIGH
Cisco RV016, RV042, RV042G, RV082, RV320, and RV325 Routers - Authenticated OS Command Injection
CVSS 7.2
CVE-2021-21289
HIGH
Mechanize <2.7.7 - Command Injection
CVSS 7.4
CVE-2021-25310
HIGH
Belkin Linksys WRT160NL 1.0.04.002_US_20130619 - RCE
CVSS 8.8
CVE-2021-23330
CRITICAL
bitovi launchpad - OS Command Injection via stop
CVSS 9.8
Details
Vulnerabilities: 6,017
Exploit Likelihood: High