CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1153

1153 vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-39703	ThreatQuotient ThreatQ 安全漏洞 — ThreatQ	8.8	High	2024-12-18
CVE-2024-12356	Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA) — Remote Support	9.8	Critical	2024-12-17
CVE-2024-56084	Logpoint Universal Normalizer 安全漏洞 — n/a	8.8	-	2024-12-16
CVE-2024-53290	Dell ThinOS 命令注入漏洞 — Wyse Proprietary OS (Modern ThinOS)	8.4	High	2024-12-11
CVE-2024-11772	Ivanti CSA 安全漏洞 — Cloud Services Application	9.1	Critical	2024-12-10
CVE-2024-11634	Ivanti Connect Secure 安全漏洞 — Connect Secure	9.1	Critical	2024-12-10
CVE-2024-55547	Remote Command Execution via SNMP — IAP-420	9.8	-	2024-12-10
CVE-2024-55544	Authenticated Command Injection — IAP-420	5.4	-	2024-12-10
CVE-2024-12350	JFinalCMS Template TemplateController.java update command injection — JFinalCMS	6.3	Medium	2024-12-09
CVE-2024-50388	HBS 3 Hybrid Backup Sync — HBS 3 Hybrid Backup Sync	9.8	-	2024-12-06
CVE-2024-11013	NEC UNIVERGE IX 安全漏洞 — UNIVERGE IX	7.2	High	2024-11-29
CVE-2024-11659	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_iperf command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11658	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT ajax_getChannelList command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11657	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_nslookup command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11656	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_ping6 command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11655	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_pinginterface command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11654	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_traceroute6 command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11653	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_traceroute command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11652	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT sn_https command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11651	EnGenius ENH1350EXT/ENS500-AC/ENS620EXT wifi_schedule command injection — ENH1350EXT	4.7	Medium	2024-11-25
CVE-2024-11665	Unauthenticated Remote Command Injection — cph2_echarge_firmware	8.8	High	2024-11-24
CVE-2021-38116	Possible Command injection Vulnerability in OpenText iManager — iManager	8.8	High	2024-11-22
CVE-2023-24467	Possible Command Injection in OpenText iManager — iManager	8.8	High	2024-11-22
CVE-2024-38644	Notes Station 3 — Notes Station 3	8.8	-	2024-11-22
CVE-2024-48860	QHora — QuRouter	9.8	-	2024-11-22
CVE-2024-48861	QHora — QuRouter	7.8	-	2024-11-22
CVE-2024-11320	Command Injection leading to RCE via LDAP Misconfiguration — Pandora FMS	9.8^AI	Critical^AI	2024-11-21
CVE-2024-45505	Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities — Apache HertzBeat	8.8^AI	High^AI	2024-11-18
CVE-2024-52308	Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer — cli	8.0	High	2024-11-14
CVE-2024-43613	Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability — Azure Database for PostgreSQL Flexible Server	7.2	High	2024-11-12

Vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) represent 1153 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1153