CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,974 vulnerabilities with CWE-78
CVE-2024-25579 MEDIUM
ELECOM wireless LAN routers - Command Injection
CVSS 6.8
CVE-2024-1683 HIGH
Tenable Identity Exposure < 3.59.4 - Authenticated DLL Injection via Application File Modification
CVSS 7.3
CVE-2024-25851 HIGH
Netis WF2780 v2.1.40144 - OS Command Injection via config_sequence Parameter
CVSS 8.0
CVE-2024-1212 CRITICAL KEV
LoadMaster 7.2.48.1-7.2.48.9 - Unauthenticated OS Command Injection
CVSS 10.0
CVE-2024-1297 HIGH
Loomio 2.22.0 - OS Command Injection
CVSS 7.2
CVE-2024-25626 HIGH
Yocto Project < 3.1.31 - Unauthenticated Remote Code Execution via Toaster HTTP Request
CVSS 8.8
CVE-2024-25468 HIGH
TOTOLINK X5000R V.9.1.0u.6369_B20230113 - Denial of Service via NTPSyncWithHost host_time Parameter
CVSS 7.5
CVE-2024-22426 HIGH
Dell RecoverPoint for Virtual Machines <6.0.SP1 - Command Injection
CVSS 7.2
CVE-2024-20720 CRITICAL
Adobe Commerce <2.4.6-p3, 2.4.5-p5, 2.4.4-p6 - Code Injection
CVSS 9.1
CVE-2024-26260 CRITICAL
HGiga OAKlouds 2.0/3.0 < 188 & WebBase 2.0/3.0 < 1051 - OS Command Injection
CVSS 9.8
CVE-2024-1367 HIGH
Tenable Security Center < 6.3.0 - Authenticated OS Command Injection via Logging Parameters
CVSS 7.2
CVE-2024-21782 MEDIUM
F5 BIG-IP and BIG-IQ - Authenticated OS Command Injection via SCP Utility
CVSS 6.7
CVE-2024-23789 HIGH
Sharp JH-RVB1/JH-RV11 Firmware < B0.1.9.1 - Unauthenticated OS Command Injection
CVSS 8.8
CVE-2024-23812 HIGH
SINEC NMS < V2.0 SP1 - OS Command Injection via Report Creation
CVSS 8.0
CVE-2024-22445 HIGH
Dell PowerProtect Data Manager <19.15 - Command Injection
CVSS 7.2
CVE-2024-22132 HIGH
SAP IDES ECC - OS Command Injection
CVSS 7.4
CVE-2024-22228 HIGH
Dell Unity <5.4 - Command Injection
CVSS 7.8
CVE-2024-22227 HIGH
Dell Unity <5.4 - Command Injection
CVSS 7.8
CVE-2024-22225 HIGH
Dell Unity <5.4 - Command Injection
CVSS 7.8
CVE-2024-22224 HIGH
Dell Unity <5.4 - Command Injection
CVSS 7.8
CVE-2024-22223 HIGH
Dell Unity <5.4 - Command Injection
CVSS 7.8
CVE-2024-22222 HIGH
Dell Unity <5.4 - Command Injection
CVSS 7.8
CVE-2024-0170 HIGH
Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated OS Command Injection via svc_cava Utility
CVSS 7.8
CVE-2024-0168 HIGH
Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated OS Command Injection via svc_oscheck Utility
CVSS 7.8
CVE-2024-0167 HIGH
Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated OS Command Injection via svc_topstats Utility
CVSS 7.8