CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2676

2676 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-31408	AIPHONE IX SYSTEM和AIPHONE IXG SYSTEM 操作系统命令注入漏洞 — IX-MV	8.0	-	2024-11-22
CVE-2024-28892	GoCast 操作系统命令注入漏洞 — GoCast	9.8	Critical	2024-11-21
CVE-2024-29224	GoCast 操作系统命令注入漏洞 — GoCast	9.8	Critical	2024-11-21
CVE-2024-28027	MC Technologies MC LR Router 操作系统命令注入漏洞 — MC LR Router	7.2	High	2024-11-21
CVE-2024-28026	MC Technologies MC LR Router 操作系统命令注入漏洞 — MC LR Router	7.2	High	2024-11-21
CVE-2024-28025	MC Technologies MC LR Router 操作系统命令注入漏洞 — MC LR Router	7.2	High	2024-11-21
CVE-2024-21786	MC Technologies MC LR Router 操作系统命令注入漏洞 — MC LR Router	7.2	High	2024-11-21
CVE-2024-7517	Privileged escalation via crafted use of portcfg command — Fabric OS	6.7^AI	Medium^AI	2024-11-21
CVE-2024-48895	Rakuten Turbo 5G 安全漏洞 — Rakuten Turbo 5G	8.8	High	2024-11-20
CVE-2024-51503	Trend Micro Deep Security 安全漏洞 — Trend Micro Deep Security	8.0	High	2024-11-19
CVE-2024-52587	Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts` — harden-runner	9.8	-	2024-11-18
CVE-2024-9474	PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface — Cloud NGFW	7.2^AI	High^AI	2024-11-18
CVE-2022-20652	Cisco Tetration Command Injection Vulnerability — Cisco Secure Workload	6.5	Medium	2024-11-15
CVE-2022-20655	Cisco 多款产品操作系统命令注入漏洞 — Cisco IOS XR Software	8.8	High	2024-11-15
CVE-2022-20871	Cisco Secure Web Appliance Privilege Escalation Vulnerability — Cisco Secure Web Appliance	6.3	Medium	2024-11-15
CVE-2023-20036	Cisco Industrial Network Director Command Injection Vulnerability — Cisco Industrial Network Director	9.9	Critical	2024-11-15
CVE-2022-1884	Remote Command Execution in gogs/gogs — gogs/gogs	8.1^AI	High^AI	2024-11-15
CVE-2024-10443	Synology BeePhotos 命令注入漏洞 — BeePhotos	9.8	Critical	2024-11-15
CVE-2024-11120	GeoVision EOL devices - OS Command Injection — GV-VS12	9.8	Critical	2024-11-15
CVE-2024-4343	Python Command Injection in imartinez/privategpt — imartinez/privategpt	9.8	-	2024-11-14
CVE-2024-32118	Fortinet FortiManager和FortiAnalyzer 操作系统命令注入漏洞 — FortiAnalyzer	6.3	Medium	2024-11-12
CVE-2024-11005	Ivanti Connect Secure 安全漏洞 — Connect Secure	9.1	Critical	2024-11-12
CVE-2024-52010	Zoraxy has an authenticated command injection in the Web SSH feature — zoraxy	8.8^AI	High^AI	2024-11-12
CVE-2024-11006	Ivanti Connect Secure 安全漏洞 — Connect Secure	9.1	Critical	2024-11-12
CVE-2024-11007	Ivanti Connect Secure 安全漏洞 — Connect Secure	9.1	Critical	2024-11-12
CVE-2024-46890	Siemens SINEC INS 操作系统命令注入漏洞 — SINEC INS	9.1	Critical	2024-11-12
CVE-2024-45827	SoftBank Mesh Wi-Fi router RP562B 操作系统命令注入漏洞 — Mesh Wi-Fi router RP562B	8.0	High	2024-11-12
CVE-2024-8881	Zyxel GS1900 安全漏洞 — GS1900-48 firmware	6.8	Medium	2024-11-12
CVE-2024-11066	D-Link DSL6740C - OS Command Injection — DSL6740C	7.2	High	2024-11-11
CVE-2024-11065	D-Link DSL6740C - OS Command Injection — DSL6740C	7.2	High	2024-11-11

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2676