CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,038 vulnerabilities with CWE-78
CVE-2019-1774 MEDIUM
Cisco NX-OS 5.2-6.2(25) - Authenticated OS Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1770 MEDIUM
Cisco NX-OS 5.2-5.2(1)sm3(2.1) - Authenticated OS Command Injection via CLI Command Argument
CVSS 6.7
CVE-2019-1769 MEDIUM
Cisco NX-OS < 7.0(3)I7(6) - Authenticated OS Command Injection via CLI Command Argument
CVSS 6.7
CVE-2019-1767 MEDIUM
Cisco NX-OS < 8.3(1) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-11224 HIGH
HARMAN AMX MVP5150 v2.87.13 - OS Command Injection
CVSS 8.8
CVE-2019-1732 MEDIUM
Cisco NX-OS 7.0(3)I4-7.0(3)I7(4) & 7.0(3)-7.0(3)F3(5) - OS Command Injection via RPM Race Condition
CVSS 6.4
CVE-2019-1727 MEDIUM
Cisco NX-OS 5.2-8.1(1b) - Authenticated OS Command Injection via Python Scripting Subsystem
CVSS 6.7
CVE-2019-1726 HIGH
Cisco NX-OS 5.2-6.2(25) - Authenticated OS Command Injection via CLI Argument
CVSS 7.8
CVE-2019-3727 MEDIUM
Dell EMC RecoverPoint < 5.1.3 and RecoverPoint for Virtual Machines < 5.2.0.2 - OS Command Injection via Boxmgmt CLI
CVSS 6.4
CVE-2019-3725 CRITICAL
RSA Netwitness < 11.2.1.1 and Security Analytics < 10.6.6.1 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2019-3702 HIGH
Lifesize Icon 300/500/700 Firmware - Authenticated Remote Code Execution via DNS Query Address Field
CVSS 8.8
CVE-2019-11353 CRITICAL
EnGenius EWS660AP <2.0.284 - Command Injection
CVSS 9.8
CVE-2019-1709 MEDIUM
Cisco Firepower Threat Defense - Authenticated OS Command Injection via CLI Arguments
CVSS 6.0
CVE-2019-1699 MEDIUM
Cisco Secure Firewall Management Center < 6.2.3.12 - Authenticated OS Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-11627 CRITICAL
gpg-key2ps <2.10-1 - Command Injection
CVSS 9.8
CVE-2019-3929 CRITICAL KEV
Crestron Am-100 Firmware < 2.4.1.19 - OS Command Injection
CVSS 9.8
CVE-2019-3926 CRITICAL
Crestron AM-100 and AM-101 - Unauthenticated OS Command Injection via SNMP OID
CVSS 9.8
CVE-2019-3925 CRITICAL
Crestron AM-100 and AM-101 - Unauthenticated OS Command Injection via SNMP OID
CVSS 9.8
CVE-2019-9804 CRITICAL
Firefox < 66.0 - OS Command Injection via Copy as cURL Command
CVSS 9.8
CVE-2019-11539 HIGH KEV
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
CVSS 7.2
CVE-2019-11444 HIGH
Liferay Portal CE 7.1.2 GA3 - Command Injection
CVSS 7.2
CVE-2019-9161 CRITICAL
Sangfor Sundray WLAN Controller < 3.7.4.2 - Remote Code Execution via nginx_webconsole.php Cookie Header
CVSS 9.8
CVE-2019-11322 CRITICAL
Motorola CX2 1.01- M2 1.01 - Command Injection
CVSS 9.8
CVE-2019-11319 CRITICAL
Motorola CX2 and M2 1.01 - Remote Code Execution via hnap downloadFirmware JSON Value
CVSS 9.8
CVE-2019-1829 MEDIUM
Cisco Aironet Series APs - Privilege Escalation
CVSS 6.7
Details
Vulnerabilities 6,038
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits