CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,026 vulnerabilities with CWE-78
CVE-2019-20500 HIGH KEV
D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Save Configuration
CVSS 7.8
CVE-2019-20499 HIGH
D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Config Restore
CVSS 7.8
CVE-2019-20488 CRITICAL
NETGEAR WNR1000V4 1.1.0.54 - OS Command Injection via sysDNSHost Parameter
CVSS 9.8
CVE-2019-10804 CRITICAL
serial-number < 1.3.0 - OS Command Injection via cmdPrefix Argument
CVSS 9.8
CVE-2019-10803 CRITICAL
push-dir < 0.4.1 - OS Command Injection via opt.branch Argument
CVSS 9.8
CVE-2019-10802 CRITICAL
giting < 0.0.8 - OS Command Injection via Pull Function Repo Argument
CVSS 9.8
CVE-2019-10801 CRITICAL
enpeem < 2.2.0 - OS Command Injection via options.dir Argument
CVSS 9.8
CVE-2019-15609 CRITICAL
kill-port-process < 2.2.0 - OS Command Injection
CVSS 9.8
CVE-2019-19994 CRITICAL
Selesta Visual Access Manager 4.15.0-4.29.0 - Unauthenticated OS Command Injection via vam_monitor_sap.php
CVSS 9.8
CVE-2019-3999 HIGH
Druva inSync Windows Client 6.5.0 - Unauthenticated OS Command Injection
CVSS 7.8
CVE-2019-5142 HIGH
Moxa AWK-3131A <1.13 - Command Injection
CVSS 7.2
CVE-2019-5141 HIGH
Moxa AWK-3131A <1.13 - Command Injection
CVSS 8.8
CVE-2019-5140 HIGH
Moxa AWK-3131A <1.13 - Command Injection
CVSS 8.8
CVE-2019-5138 CRITICAL
Moxa AWK-3131A <1.13 - Command Injection
CVSS 9.9
CVE-2019-12511 CRITICAL
NETGEAR Nighthawk X10-R9000 < 1.0.4.26 - OS Command Injection via AdvancedQoS:GetCurrentBandwidthByMAC SOAP Endpoint
CVSS 9.8
CVE-2019-10799 HIGH
compile-sass < 1.0.5 - OS Command Injection via setupCleanupOnExit Function
CVSS 8.2
CVE-2019-10796 CRITICAL
rpi < 0.0.3 - OS Command Injection via GPIO Function
CVSS 9.8
CVE-2019-18183 CRITICAL
pacman < 5.2 - OS Command Injection via Crafted Delta File in apply_deltas()
CVSS 9.8
CVE-2019-18182 CRITICAL
pacman < 5.2 - OS Command Injection via XferCommand Database Retrieval
CVSS 9.8
CVE-2019-10791 CRITICAL
promise-probe < 0.10.0 - OS Command Injection via File and OutputFile Functions
CVSS 9.8
CVE-2019-14514 CRITICAL
Microvirt MEmu <7.0.2 - Info Disclosure
CVSS 9.8
CVE-2019-19356 HIGH KEV
Netis WF2419 Firmware V1.2.31805 and V2.2.36123 - Authenticated Remote Code Execution via Tracert Diagnostic Tool
CVSS 7.5
CVE-2019-10789 CRITICAL
curling < 1.1.0 - OS Command Injection via Run Function
CVSS 9.8
CVE-2019-10788 CRITICAL
im-metadata < 3.0.1 - OS Command Injection via Exec Argument
CVSS 9.8
CVE-2019-10787 CRITICAL
im-resize < 2.3.2 - OS Command Injection via Exec Argument
CVSS 9.8