CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,974 vulnerabilities with CWE-78
CVE-2024-31705 CRITICAL
GLPI 10.X.X and after - Remote Code Execution via Insufficient Input Validation
CVSS 9.8
CVE-2024-3196 MEDIUM
MailCleaner <2023.03.14 - Code Injection
CVSS 6.7
CVE-2024-3193 HIGH
MailCleaner <2023.03.14 - Code Injection
CVSS 8.8
CVE-2024-3191 CRITICAL
MailCleaner <2023.03.14 - Code Injection
CVSS 9.8
CVE-2024-4301 HIGH
N-Reporter and N-Cloud - Command Injection
CVSS 8.8
CVE-2024-4299 HIGH
HGiga iSherlock - Command Injection
CVSS 7.2
CVE-2024-4298 HIGH
HGiga iSherlock - Command Injection
CVSS 7.2
CVE-2024-4255 MEDIUM
Ruijie RG-UAC <20240419 - Code Injection
CVSS 4.7
CVE-2024-33343 HIGH
D-Link DIR-822+ V1.0.5 - OS Command Injection via ChgSambaUserSettings Function
CVSS 8.8
CVE-2024-32766 CRITICAL
QNAP QTS < 4.5.4.2627 and QuTS hero < h4.5.4.2626 and QuTScloud < c5.1.5.2651 - OS Command Injection
CVSS 10.0
CVE-2024-27124 HIGH
QNAP QTS 4.5.1-4.5.4.2626 and QTS 5.1.3.2578 - OS Command Injection
CVSS 7.5
CVE-2024-0740 CRITICAL
Eclipse Target Management <= 4.5.400 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2024-20358 MEDIUM
Cisco ASA/FTD - Privilege Escalation
CVSS 6.0
CVE-2024-20356 HIGH
Cisco Unified Computing System (Standalone) - Authenticated OS Command Injection
CVSS 8.7
CVE-2024-20295 HIGH
Cisco Unified Computing System <=3.0(3f) - Authenticated OS Command Injection via CLI
CVSS 8.8
CVE-2024-32477 HIGH
Deno < 1.42.2 - Permission Bypass via ANSI Escape Sequence Injection
CVSS 7.7
CVE-2024-3880 MEDIUM
Tenda W30E 1.0.1.25(633) - OS Command Injection via formWriteFacMac mac Parameter
CVSS 6.3
CVE-2024-2659 HIGH
Lenovo NextScale N1200 Enclosure Firmware < FHET62A-3.50 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-3781 CRITICAL
WBSAirback 21.02.04 - Command Injection
CVSS 9.1
CVE-2024-26023 MEDIUM
Buffalo Wsr-2533dhp Firmware < 1.07 - OS Command Injection
CVSS 4.2
CVE-2024-1655 HIGH
ASUS WiFi Routers - Command Injection
CVSS 8.8
CVE-2024-3739 MEDIUM
nginxwebui < 4.2.4 - OS Command Injection via /adminPage/main/upload File Parameter
CVSS 6.3
CVE-2024-3721 MEDIUM
TBK DVR-4104/4216 <20240412 - Command Injection
CVSS 6.3
CVE-2024-2742 MEDIUM
Planet IGS-4215-16T2S <1.305b210528 - Command Injection
CVSS 6.4
CVE-2024-2029 CRITICAL
mudler/localai < 2.10.0 - OS Command Injection via TranscriptEndpoint audioToWav Function
CVSS 9.8