CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88
CVE-2020-7808 HIGH
RAONWIZ K Upload <v2018.0.2.51 - Code Injection
CVSS 8.7
CVE-2020-1738 LOW
Ansible Engine - Code Injection
CVSS 3.9
CVE-2020-5546 HIGH
Mitsubishi Electric MELQIC IU1 <1.0.7 - Command Injection
CVSS 8.8
CVE-2020-6799 HIGH
Firefox < 73.0 and Firefox ESR < 68.5.0 - Command Injection via Shell Handler File Type Association
CVSS 8.8
CVE-2019-10800 MEDIUM
codecov-python < 2.0.16 - OS Command Injection via Gcov Arguments
CVSS 6.5
CVE-2019-18888 HIGH
Symfony 2.8.0-2.8.50, 3.4.0-3.4.34, 4.2.0-4.2.11, 4.3.0-4.3.7 - Argument Injection via MIME Type Validation
CVSS 7.5
CVE-2019-5013 HIGH
Wacom 6.3.32-3 - Privilege Escalation
CVSS 7.8
CVE-2019-5012 HIGH
Wacom 6.3.32-3 - Privilege Escalation
CVSS 7.8
CVE-2019-12148 CRITICAL
Sangoma Session Border Controller 2.3.23-119 GA - Auth Bypass
CVSS 9.8
CVE-2019-12147 CRITICAL
Sangoma SBC 2.3.23-119 GA - Command Injection
CVSS 9.8
CVE-2019-11751 HIGH
Firefox < 69.0 and Firefox ESR < 68.1.0 - Argument Injection via Logging Parameters
CVSS 8.8
CVE-2019-15541 HIGH
rustls < 0.16.0 - Denial of Service via Client Writable State Manipulation
CVSS 7.5
CVE-2019-10746 CRITICAL
mixin-deep < 1.3.2 - Prototype Pollution via Constructor Payload
CVSS 9.8
CVE-2019-15498 HIGH
Vera Edge Home Controller <1.7.4452 - Command Injection
CVSS 8.8
CVE-2019-12264 HIGH
Wind River VxWorks <6.9.5 - Privilege Escalation
CVSS 7.1
CVE-2019-12578 HIGH
London Trust Media PIA VPN Client v82 - Privilege Escalation
CVSS 7.8
CVE-2019-13475 HIGH
MobaXterm 11.1 - Remote Code Execution via mobaxterm: URI Handler Argument Injection
CVSS 8.8
CVE-2019-8321 HIGH
RubyGems 2.6.0-3.0.2 - Escape Sequence Injection via Gem::UserInteraction#verbose
CVSS 7.5
CVE-2019-11582 HIGH
Atlassian Sourcetree for Windows <3.1.3 - Command Injection
CVSS 8.8
CVE-2019-5804 MEDIUM
Chrome < 73.0.3683.75 - Domain Spoofing via Crafted Domain Name
CVSS 5.5
CVE-2019-1780 MEDIUM
Cisco NX-OS and FXOS - Authenticated Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1795 MEDIUM
Cisco NX-OS <8.2(3) & Firepower <2.0.1.201 - Authenticated CLI Command Injection
CVSS 6.7
CVE-2019-1791 MEDIUM
Cisco NX-OS 5.2-6.2(25) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1790 MEDIUM
Cisco NX-OS 5.2-6.2(25) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1784 MEDIUM
Cisco NX-OS < 7.3(5)n1(1) - Authenticated Command Injection via CLI Argument
CVSS 6.7
Details
Vulnerabilities 359
Links
MITRE CWE Entry Search this CWE With Exploits