CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88
CVE-2019-1783 MEDIUM
Cisco NX-OS < 7.3(4)n1(1) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1782 MEDIUM
Cisco FXOS and NX-OS - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1781 MEDIUM
Cisco FXOS and NX-OS - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1779 MEDIUM
Cisco FXOS and NX-OS - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1735 HIGH
Cisco NX-OS < 8.3(1) - Authenticated Command Injection via CLI Argument
CVSS 7.8
CVE-2019-3931 HIGH
Crestron AM-100/101 <1.6.0.2/<2.7.0.2 - Command Injection
CVSS 8.8
CVE-2019-9794 CRITICAL
Firefox < 66 and Thunderbird < 60.6 - Argument Injection via URL Handler Command Line Arguments
CVSS 9.8
CVE-2019-0764 MEDIUM
Microsoft Browsers - Info Disclosure
CVSS 6.5
CVE-2019-1613 MEDIUM
Cisco NX-OS - Authenticated Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1611 MEDIUM
Cisco NX-OS and FX-OS - Authenticated Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1610 MEDIUM
Cisco NX-OS 7.0(3)-7.0(3)I7(3) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1609 MEDIUM
Cisco NX-OS 8.2-8.3(2) - Authenticated Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1608 MEDIUM
Cisco NX-OS 8.2-8.3(1) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1607 MEDIUM
Cisco NX-OS 8.0-8.2(3) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1606 HIGH
Cisco NX-OS 7.0(3)I7-7.0(3)I7(4) - Authenticated Command Injection via CLI Arguments
CVSS 7.8
CVE-2019-6453 HIGH
mIRC < 7.55 - Remote Command Execution via Custom URI Protocol Handler
CVSS 8.1
CVE-2019-3463 CRITICAL
rssh - Command Injection via Insufficient Argument Sanitization
CVSS 9.8
CVE-2018-20234 HIGH
Atlassian Sourcetree <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-19518 HIGH
University of Washington IMAP Toolkit 2007f - Command Injection
CVSS 7.5
CVE-2018-11025 HIGH
Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 - Code Injection
CVSS 7.5
CVE-2018-11024 HIGH
Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 - Code Injection
CVSS 7.5
CVE-2018-11023 HIGH
Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 - Code Injection
CVSS 7.5
CVE-2018-11022 HIGH
Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 - Code Injection
CVSS 7.5
CVE-2018-11021 HIGH
Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 - Code Injection
CVSS 7.5
CVE-2018-11020 MEDIUM
Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 - Code Injection
CVSS 4.4
Details
Vulnerabilities 359
Links
MITRE CWE Entry Search this CWE With Exploits