CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit likelihood: High
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,041 vulnerabilities with CWE-78
CVE-2018-17867
HIGH
DASAN H660GW Firmware - Authenticated Remote Code Execution via Port Forwarding Addr Parameter
CVSS 7.2
CVE-2018-9077
HIGH
LenovoEMC Firmware < 4.1.402.34662 - OS Command Injection via Share Name Parameter
CVSS 8.1
CVE-2018-9076
HIGH
LenovoEMC Firmware < 4.1.402.34662 - OS Command Injection via Share Name Parameter
CVSS 8.1
CVE-2018-9075
HIGH
LenovoEMC Firmware < 4.1.402.34662 - OS Command Injection via PersonalCloud Client Password Parameter
CVSS 8.1
CVE-2018-16055
HIGH
pfSense < 2.4.4 - Authenticated OS Command Injection via DHCP Lease Relinquish
CVSS 8.8
CVE-2018-17317
CRITICAL
FruityWifi 2.1 - OS Command Injection via Multiple Parameters
CVSS 9.8
CVE-2018-16752
HIGH
LINK-NET LW-N605R Firmware 12.20.2.1486 - Authenticated Remote Code Execution via Ping HOST Field
CVSS 8.8
CVE-2018-16282
HIGH
Moxa EDR-810 V4.2 build 18041013 - OS Command Injection via caname Parameter
CVSS 8.8
CVE-2018-17228
CRITICAL
nmap4j 1.1.0 - OS Command Injection via includeHosts Call
CVSS 9.8
CVE-2018-17208
HIGH
Linksys Velop 1.1.2.187020 - Command Injection
CVSS 8.8
CVE-2018-17068
CRITICAL
D-Link DIR-816 A2 1.10 B05 - Command Injection
CVSS 9.8
CVE-2018-17066
CRITICAL
D-Link DIR-816 A2 1.10 B05 - Command Injection
CVSS 9.8
CVE-2018-17064
CRITICAL
D-Link DIR-816 A2 1.10 B05 - Command Injection
CVSS 9.8
CVE-2018-17063
CRITICAL
D-Link DIR-816 A2 - Command Injection
CVSS 9.8
CVE-2018-16744
HIGH
mgetty < 1.2.1 - OS Command Injection via Unsanitized mail_to Parameter
CVSS 7.8
CVE-2018-16741
HIGH
mgetty < 1.2.1 - OS Command Injection via FaxQ-Helper Activate Command
CVSS 7.8
CVE-2018-15484
CRITICAL
KONE Group Controller Firmware < 4.6.5 - Unauthenticated Remote Code Execution via autoexec.bat Modification
CVSS 9.8
CVE-2018-16460
CRITICAL
Umbraengineering PS < 1.0.0 - Command Injection
CVSS 9.8
CVE-2018-4010
HIGH
ProtonVPN 1.5.1 - OS Command Injection via Configuration File
CVSS 7.8
CVE-2018-3952
HIGH
NordVPN 6.14.28.0 - OS Command Injection via Configuration File
CVSS 8.8
CVE-2018-0643
MEDIUM
Canonical Ubuntu Linux - OS Command Injection
CVSS 6.6
CVE-2018-15726
MEDIUM
Pulse Secure Desktop < 5.3R5 and 9.0R1 - Privilege Escalation
CVSS 5.3
CVE-2018-1000666
CRITICAL
Openvcloud < 2.3.0 - OS Command Injection
CVSS 9.8
CVE-2018-16146
HIGH
Opsview 5.4.0-5.4.1 - Authenticated OS Command Injection via Notification Test Value Parameter
CVSS 7.2
CVE-2018-16144
CRITICAL
Opsview < 5.3.1 and 5.4.x < 5.4.2 - OS Command Injection via NetAudit Rancid Password Parameter
CVSS 9.8
Details
Vulnerabilities: 6,041
Exploit Likelihood: High