CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,034 vulnerabilities with CWE-78
CVE-2019-18183 CRITICAL
pacman < 5.2 - OS Command Injection via Crafted Delta File in apply_deltas()
CVSS 9.8
CVE-2019-18182 CRITICAL
pacman < 5.2 - OS Command Injection via XferCommand Database Retrieval
CVSS 9.8
CVE-2019-10791 CRITICAL
promise-probe < 0.10.0 - OS Command Injection via File and OutputFile Functions
CVSS 9.8
CVE-2019-14514 CRITICAL
Microvirt MEmu < 7.0.2 - Info Disclosure
CVSS 9.8
CVE-2019-19356 HIGH KEV
Netis WF2419 Firmware V1.2.31805 and V2.2.36123 - Authenticated Remote Code Execution via Tracert Diagnostic Tool
CVSS 7.5
CVE-2019-10789 CRITICAL
curling < 1.1.0 - OS Command Injection via Run Function
CVSS 9.8
CVE-2019-10788 CRITICAL
im-metadata < 3.0.1 - OS Command Injection via Exec Argument
CVSS 9.8
CVE-2019-10787 CRITICAL
im-resize < 2.3.2 - OS Command Injection via Exec Argument
CVSS 9.8
CVE-2019-10786 CRITICAL
network-manager < 1.0.2 - Remote Code Execution via execSync() Argument
CVSS 9.8
CVE-2019-20050 MEDIUM
Pandora FMS <= 7.42 - Authenticated Remote Code Execution via Filemanager Folder Name
CVSS 6.8
CVE-2019-10783 CRITICAL
lsof < 0.0.4 - OS Command Injection
CVSS 9.8
CVE-2019-20217 CRITICAL
D-Link DIR-859 1.05 and 1.06B01 Beta01 - Unauthenticated OS Command Injection via M-SEARCH urn Parameter
CVSS 9.8
CVE-2019-20216 CRITICAL
D-Link DIR-859 1.05 and 1.06B01 - Unauthenticated OS Command Injection via M-SEARCH urn Parameter
CVSS 9.8
CVE-2019-20215 CRITICAL
D-Link DIR-859 1.05 and 1.06B01 - Unauthenticated OS Command Injection via M-SEARCH Method
CVSS 9.8
CVE-2019-19824 HIGH
TOTOLINK Realtek SDK Routers - Authenticated OS Command Injection via sysCmd Parameter
CVSS 8.8
CVE-2019-17095 HIGH
Bitdefender BOX 2 Firmware 2.1.47.42 and 2.1.53.45 - Unauthenticated OS Command Injection via API Download Image
CVSS 8.1
CVE-2019-17096 CRITICAL
Bitdefender BOX 2 Firmware - OS Command Injection via get_image_url() Function
CVSS 9.0
CVE-2019-12629 HIGH
Cisco SD-WAN Firmware < 18.3.0 - Authenticated OS Command Injection via WebUI Username Field
CVSS 7.2
CVE-2019-19897 CRITICAL
IXP EasyInstall 6.2.13723 - Unauthenticated Remote Code Execution via Agent Service Execute Command Line Function
CVSS 9.8
CVE-2019-19839 CRITICAL
Ruckus Wireless Unleashed < 200.7.10.202.94 - OS Command Injection via admin/_cmdstat.jsp uploadFile Parameter
CVSS 9.8
CVE-2019-19838 CRITICAL
Ruckus Wireless Unleashed < 200.7.10.202.94 - Remote Code Execution via admin/_cmdstat.jsp uploadFile Parameter
CVSS 9.8
CVE-2019-19842 CRITICAL
Ruckus Wireless Unleashed < 200.7.10.202.94 - Remote Code Execution via mac Attribute in admin/_cmdstat.jsp
CVSS 9.8
CVE-2019-19841 CRITICAL
Ruckus Wireless Unleashed < 200.7.10.202.94 - OS Command Injection via admin/_cmdstat.jsp mac Attribute
CVSS 9.8
CVE-2019-10780 CRITICAL
bibtex-ruby < 5.1.0 - OS Command Injection via BibTeX.open
CVSS 9.8
CVE-2019-10958 HIGH
Geutebruck IP Cameras < 1.12.0.25 - Authenticated Remote Code Execution via Network Configuration
CVSS 7.2