Vulnerabilities (CVE)

Filtered by CWE-77
Total 1693 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7029 1 Avtech 2 Avm1203, Avm1203 Firmware 2024-09-17 N/A 9.8 CRITICAL
Commands can be injected over the network and executed without authentication.
CVE-2024-2947 2024-09-16 N/A 7.3 HIGH
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
CVE-2024-7700 2 Redhat, Theforeman 2 Satellite, Foreman 2024-09-16 N/A 6.5 MEDIUM
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script.
CVE-2024-38641 1 Qnap 2 Qts, Quts Hero 2024-09-16 N/A 7.8 HIGH
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later; QuTS hero h5.1.8.2823 build 20240712 and later.
CVE-2024-8640 1 Gitlab 1 Gitlab 2024-09-14 N/A 8.8 HIGH
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server.
CVE-2024-38486 1 Dell 1 Smartfabric Os10 2024-09-13 N/A 8.8 HIGH
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2021-38120 1 Microfocus 1 Netiq Advanced Authentication 2024-09-13 N/A 7.2 HIGH
A vulnerability was identified in Advanced Authentication that allows bash command injection in the administratively controlled backup functionality, due to improper handling of provided command parameters. This issue affects NetIQ Advanced Authentication versions before 6.3.5.1.
CVE-2024-46048 2024-09-13 N/A 8.8 HIGH
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i
CVE-2024-44466 1 Comfast 2 Cf-xr11, Cf-xr11 Firmware 2024-09-13 N/A 9.8 CRITICAL
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.
CVE-2024-8073 1 Hillstonenet 1 Web Application Firewall 2024-09-12 N/A 9.8 CRITICAL
Improper Input Validation vulnerability in Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
CVE-2023-46424 1 Totolink 2 X6000r, X6000r Firmware 2024-09-12 N/A 9.8 CRITICAL
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.
CVE-2024-45824 2024-09-12 N/A 9.8 CRITICAL
A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
CVE-2024-44401 1 Dlink 2 Di-8100g, Di-8100g Firmware 2024-09-12 N/A 9.8 CRITICAL
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via the sub47A60C function in the upgrade_filter.asp file.
CVE-2023-51025 1 Totolink 2 Ex1800t, Ex1800t Firmware 2024-09-12 N/A 9.8 CRITICAL
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi.
CVE-2023-51014 1 Totolink 2 Ex1800t, Ex1800t Firmware 2024-09-12 N/A 9.8 CRITICAL
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of cstecgi.cgi.
CVE-2024-44572 2024-09-12 N/A 8.8 HIGH
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function.
CVE-2024-44570 2024-09-12 N/A 8.8 HIGH
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php.
CVE-2024-44574 2024-09-12 N/A 8.8 HIGH
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.
CVE-2024-44577 2024-09-12 N/A 8.8 HIGH
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function.
CVE-2024-7110 1 Gitlab 1 Gitlab 2024-09-11 N/A 6.4 MEDIUM
An issue was discovered in GitLab EE affecting all versions from 17.0 to 17.1.6, from 17.2 prior to 17.2.4, and from 17.3 prior to 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection.