CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,036 vulnerabilities with CWE-78
CVE-2019-1634
HIGH
Cisco Integrated Management Controller Supervisor 1.5.0.0-1.5(9g) - Authenticated OS Command Injection via IPMI
CVSS 7.2
CVE-2019-4294
HIGH
IBM DataPower Gateway <2018.4.1.6 - Command Injection
CVSS 7.8
CVE-2019-3968
HIGH
OpenEMR < 5.0.1 - Authenticated OS Command Injection via Scanned Forms Interface
CVSS 8.8
CVE-2019-5477
CRITICAL
Nokogiri < 1.10.4 - OS Command Injection via Nokogiri::CSS::Tokenizer#load_file
CVSS 9.8
CVE-2019-14923
HIGH
EyesOfNetwork 5.1 - Remote Command Execution via Tool All Host Field
CVSS 8.8
CVE-2019-15107
CRITICAL
KEV
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
CVSS 9.8
CVE-2019-12792
HIGH
Vesta Control Panel 0.9.8-24 - Authenticated OS Command Injection via UploadHandler.php
CVSS 8.8
CVE-2019-3417
HIGH
ZTE ZXHN F670 Firmware < 1.1.10p3t18 - Authenticated OS Command Injection
CVSS 8.8
CVE-2019-14527
CRITICAL
NETGEAR Nighthawk M1 <12.06.03 - Command Injection
CVSS 9.8
CVE-2019-12103
CRITICAL
TP-Link M7350 V3 <190531 - Command Injection
CVSS 9.8
CVE-2019-15027
CRITICAL
MediaTek MT65xx MT66xx MT8163 eMMC Subsystem - OS Command Injection via Filename in Meta Mode Boot
CVSS 9.8
CVE-2019-1971
CRITICAL
Cisco Enterprise NFV Infrastructure Software 3.6.2-3.8.1 - Unauthenticated Remote Code Execution via Web Portal Input
CVSS 9.8
CVE-2019-1960
MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.11.1 - Authenticated Arbitrary File Read
CVSS 4.4
CVE-2019-1959
MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.11.1 - Authenticated Arbitrary File Read
CVSS 4.4
CVE-2019-14744
HIGH
KDE KConfig < 5.61.0 - OS Command Injection via Malicious Desktop Files
CVSS 7.8
CVE-2019-14699
CRITICAL
MicroDigital N-series <6400.0.8.5 - Command Injection
CVSS 9.8
CVE-2019-14260
HIGH
Alcatel-Lucent Enterprise Deskphone VoIP <1.50.13 - Command Injection
CVSS 8.0
CVE-2019-14259
HIGH
Polycom Obihai Obi1022 VoIP <5.1.11 - Command Injection
CVSS 8.0
CVE-2019-14337
MEDIUM
D-Link 6600-AP and DWL-3600AP Firmware 4.2.0.14 - OS Command Injection via Restricted CLI Escape
CVSS 5.5
CVE-2019-1020004
HIGH
Tridactyl < 1.16.0 - Fake Key Event Injection
CVSS 7.5
CVE-2019-13638
HIGH
GNU patch <2.7.6 - Command Injection
CVSS 7.8
CVE-2019-3595
MEDIUM
McAfee Data Loss Prevention Endpoint 11.0-11.1.200 - Authenticated Command Injection via DLP Policy Export
CVSS 6.5
CVE-2019-1010179
CRITICAL
phkp - OS Command Injection via HKP-Api /pks/lookup?search
CVSS 9.8
CVE-2019-1010200
CRITICAL
Google Voice Builder - OS Command Injection via /tts and /alignment Endpoints
CVSS 9.8
CVE-2019-12328
CRITICAL
Atcom A10W VoIP <2.6.1a2421 - Command Injection
CVSS 9.0
Details
Vulnerabilities: 6,036
Exploit Likelihood: High