CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,036 vulnerabilities with CWE-78
CVE-2019-6620 HIGH
F5 BIG-IP 11.5.2-11.6.4 - Authenticated OS Command Injection via iControl REST Worker
CVSS 7.2
CVE-2019-7256 CRITICAL KEV
Linear eMerge E3-Series - Command Injection
CVSS 9.8
CVE-2019-7269 CRITICAL
Linear eMerge 50P/5000P - Command Injection
CVSS 9.8
CVE-2019-13155 HIGH
TRENDnet TEW-827DRU Firmware < 2.05b11 - Authenticated OS Command Injection via Add Virtual Server IP Address
CVSS 8.8
CVE-2019-13154 HIGH
TRENDnet TEW-827DRU Firmware < 2.05b11 - Authenticated OS Command Injection via Add Gaming Rule TCP Ports Parameter
CVSS 8.8
CVE-2019-13153 HIGH
TRENDnet TEW-827DRU Firmware < 2.05b11 - Authenticated OS Command Injection via Add Virtual Server Private Port
CVSS 8.8
CVE-2019-13151 HIGH
TRENDnet TEW-827DRU Firmware < 2.05b11 - Authenticated OS Command Injection via WPS Enrollee PIN
CVSS 8.8
CVE-2019-13149 HIGH
TRENDnet TEW-827DRU Firmware < 2.05B11 - Authenticated OS Command Injection via Routing RIP Settings Passwd Parameter
CVSS 8.8
CVE-2019-7670 HIGH
Prima Systems FlexAir <2.3.38 - Command Injection
CVSS 7.2
CVE-2019-13128 HIGH
D-Link DIR-823G Firmware 1.02B03 - Authenticated OS Command Injection via HNAP1 SetStaticRouteSettings
CVSS 8.8
CVE-2019-11829 HIGH
Synology Calendar <2.3.1-0617 - Command Injection
CVSS 7.3
CVE-2019-12997 HIGH
Loopchain < 2.2.1.3 - Privilege Escalation via DEFAULT_SCORE_HOST Environment Variable
CVSS 8.8
CVE-2019-3631 HIGH
McAfee Enterprise Security Manager < 10.4.0 - Authenticated OS Command Injection via Crafted Parameters
CVSS 7.2
CVE-2019-3630 HIGH
McAfee Enterprise Security Manager < 10.4.0 - Authenticated OS Command Injection via Crafted Parameters
CVSS 7.2
CVE-2019-5819 HIGH
Google Chrome < 74.0.3729.108 - Local Arbitrary Code Execution via Clipboard String
CVSS 7.8
CVE-2019-12929 CRITICAL
QEMU < 4.0.0 - OS Command Injection via QMP guest_exec Command
CVSS 9.8
CVE-2019-12928 CRITICAL
QEMU < 4.0.0 - OS Command Injection via QMP Migrate Command
CVSS 9.8
CVE-2019-6962 HIGH
RDK RDKB-20181217-1 CcspWifiAgent - Command Injection
CVSS 7.5
CVE-2019-1879 MEDIUM
Cisco Integrated Management Controller - Authenticated OS Command Injection via CLI
CVSS 6.4
CVE-2019-1878 HIGH
Cisco TelePresence Codec/CE Software - RCE
CVSS 7.5
CVE-2019-1627 MEDIUM
Cisco Integrated Management Controller - Unprotected User Data Exposure via Configuration File
CVSS 6.5
CVE-2019-1623 MEDIUM
Cisco Meeting Server 2.2.0-2.2.13 - Authenticated OS Command Injection via CLI Configuration Shell
CVSS 6.7
CVE-2019-11410 HIGH
FusionPBX 4.4.3 - Command Injection
CVSS 7.2
CVE-2019-11409 HIGH
FusionPBX 4.4.3 - Command Injection
CVSS 8.8
CVE-2019-12181 HIGH
Serv-U FTP Server prepareinstallation Privilege Escalation
CVSS 8.8