CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,020 vulnerabilities with CWE-78
CVE-2020-15893 CRITICAL
D-Link DIR-816L Firmware 2.x - OS Command Injection via UPnP SSDP M-SEARCH ST Field
CVSS 9.8
CVE-2020-12774 HIGH
D-Link DSL-7740C - Command Injection
CVSS 8.2
CVE-2020-15123 CRITICAL
codecov < 3.7.1 - OS Command Injection via Backtick Bypass
CVSS 9.3
CVE-2020-15121 HIGH
radare2 < 4.5.0 - OS Command Injection via Malformed PDB File Name
CVSS 7.4
CVE-2020-7206 CRITICAL
nagios-plugins-hpilo < 1.50 - OS Command Injection
CVSS 9.8
CVE-2020-5759 CRITICAL
Grandstream UCM6200 <1.0.20.23 - Command Injection
CVSS 9.8
CVE-2020-5758 HIGH
Grandstream UCM6200 <1.0.20.23 - Command Injection
CVSS 8.8
CVE-2020-5757 CRITICAL
Grandstream UCM6200 <1.0.20.23 - Command Injection
CVSS 9.8
CVE-2020-5756 HIGH
Grandstream GWN7000 <1.0.9.4 - Command Injection
CVSS 8.8
CVE-2020-7825 HIGH
MiPlatform <2019.05.16 - Command Injection
CVSS 8.8
CVE-2020-11981 CRITICAL
Apache Airflow < 1.10.10 - OS Command Injection via CeleryExecutor
CVSS 9.8
CVE-2020-11978 HIGH KEV
Apache Airflow < 1.10.11 - Authenticated Remote Code Execution via Example DAG
CVSS 8.8
CVE-2020-3332 HIGH
Cisco Small Business RV110W-215W - Command Injection
CVSS 8.8
CVE-2020-8958 HIGH
Guangzhou 1GE ONU V2801RW and V2804RGW 1.9.1-181203-2.9.0-181024 - OS Command Injection via Ping Dest IP Address Field
CVSS 7.2
CVE-2020-8178 CRITICAL
jison < 0.4.18 - OS Command Injection
CVSS 9.8
CVE-2020-11084 MEDIUM
ipear - OS Command Injection via Manual eval() Execution
CVSS 6.4
CVE-2020-11953 HIGH
Rittal CMCIII-PU and PDU-3C002DEC Firmware - OS Command Injection
CVSS 8.8
CVE-2020-4512 HIGH
IBM QRadar SIEM 7.3-7.4 - Authenticated Remote Command Execution
CVSS 7.2
CVE-2020-13925 CRITICAL
Apache Kylin 2.3.0-3.0.9 - OS Command Injection via RESTful API
CVSS 9.8
CVE-2020-10987 CRITICAL KEV
Tenda AC15 AC1900 <15.03.05.19 - RCE
CVSS 9.8
CVE-2020-8186 CRITICAL
devcert < 1.1.2 - Remote Code Execution via certificateFor Function
CVSS 9.8
CVE-2020-9377 HIGH KEV
D-Link DIR-610 Firmware - Remote Command Execution via cmd Parameter
CVSS 8.8
CVE-2020-2034 HIGH
PAN-OS 7.1.0-7.1.25 - Unauthenticated OS Command Injection via GlobalProtect Portal
CVSS 8.1
CVE-2020-2030 HIGH
PAN-OS 7.1.0-7.1.25 and 8.0.x-8.1.14 - Authenticated OS Command Injection
CVSS 7.2
CVE-2020-5352 HIGH
Dell EMC Data Protection Advisor 6.4, 6.5, 18.1 - Authenticated OS Command Injection
CVSS 8.8