CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,034 vulnerabilities with CWE-78
CVE-2019-10956
HIGH
Geutebrueck G-code Eec-2400 Firmware - OS Command Injection
CVSS 7.2
CVE-2019-18894
HIGH
Avast Premium Security <19.8.2393 - RCE
CVSS 7.8
CVE-2019-20224
HIGH
Pandora FMS 7.0NG - Authenticated OS Command Injection via netflow_get_stats ip_src Parameter
CVSS 8.8
CVE-2019-10777
CRITICAL
aws-lambda < 1.0.5 - OS Command Injection via config.FunctionName
CVSS 9.8
CVE-2019-10778
CRITICAL
devcert-sanscache < 0.4.7 - OS Command Injection via Exec Function
CVSS 9.8
CVE-2019-17148
HIGH
Parallels Desktop 14.1.3 - Local Privilege Escalation via Parallels Service
CVSS 7.8
CVE-2019-10776
CRITICAL
git-diff-apply < 0.22.2 - OS Command Injection via RemoteUrl Parameter
CVSS 9.8
CVE-2019-20348
MEDIUM
OKER G232V1 v1.03.02.20161129 - Unauthenticated OS Command Injection via UART Serial Interface
CVSS 6.8
CVE-2019-19509
HIGH
rConfig 3.9.3 - Authenticated OS Command Injection via ajaxArchiveFiles.php Path Parameter
CVSS 8.8
CVE-2019-15979
HIGH
Cisco Data Center Network Manager < 11.3(1) - Authenticated OS Command Injection via REST and SOAP API
CVSS 7.2
CVE-2019-15978
HIGH
Cisco Data Center Network Manager < 11.3(1) - Authenticated OS Command Injection via REST and SOAP API
CVSS 7.2
CVE-2019-5987
HIGH
cgi_an-anlyzer < 2019-06-24 - Authenticated OS Command Injection via Management Page
CVSS 8.8
CVE-2019-20197
HIGH
Nagios XI 5.6.9 - Authenticated OS Command Injection via schedulereport.php id Parameter
CVSS 8.8
CVE-2019-3984
CRITICAL
Blink XT2 Sync Module Firmware < 2.3.11 - Remote Code Execution via Update Script Retrieval
CVSS 9.8
CVE-2019-9197
HIGH
Unity Editor 5.6.0-5.6.7f1 - Remote Code Execution via com.unity3d.kharma Protocol Handler
CVSS 8.8
CVE-2019-16790
MEDIUM
Tiny File Manager < 2.3.9 - Authenticated Remote Code Execution via Upload from URL and Edit/Rename
CVSS 6.5
CVE-2019-17621
CRITICAL
KEV
D-Link DIR-859 Firmware < 1.05b03 - Unauthenticated Remote Code Execution via UPnP gena.cgi
CVSS 9.8
CVE-2019-10774
CRITICAL
php-shellcommand < 1.6.1 - OS Command Injection
CVSS 9.8
CVE-2019-6014
HIGH
DBA-1510P Firmware <= 1.70b009 - OS Command Injection via Web User Interface
CVSS 8.8
CVE-2019-6013
MEDIUM
DBA-1510P Firmware < 1.70b009 - Authenticated OS Command Injection via CLI
CVSS 6.6
CVE-2019-19920
HIGH
sa-exim 4.2.1 - OS Command Injection via Greylisting.pm Eval
CVSS 8.8
CVE-2019-15598
CRITICAL
treekill < 1.2.2 - OS Command Injection
CVSS 9.8
CVE-2019-8513
HIGH
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
CVSS 7.8
CVE-2019-11399
CRITICAL
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, TEW-652BRU 1.00b12 - OS Command Injection
CVSS 9.8
CVE-2019-18830
CRITICAL
Barco ClickShare Button R9861500D01 <1.9.0 - Command Injection
CVSS 9.8
Details
Vulnerabilities: 6,034
Exploit Likelihood: High