Total
1693 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7029 | 1 Avtech | 2 Avm1203, Avm1203 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL |
Commands can be injected over the network and executed without authentication. | |||||
CVE-2024-2947 | 2024-09-16 | N/A | 7.3 HIGH | ||
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer. | |||||
CVE-2024-7700 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-09-16 | N/A | 6.5 MEDIUM |
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. | |||||
CVE-2024-38641 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | N/A | 7.8 HIGH |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | |||||
CVE-2024-8640 | 1 Gitlab | 1 Gitlab | 2024-09-14 | N/A | 8.8 HIGH |
An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server. | |||||
CVE-2024-38486 | 1 Dell | 1 Smartfabric Os10 | 2024-09-13 | N/A | 8.8 HIGH |
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | |||||
CVE-2021-38120 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 7.2 HIGH |
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. | |||||
CVE-2024-46048 | 2024-09-13 | N/A | 8.8 HIGH | ||
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | |||||
CVE-2024-44466 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-09-13 | N/A | 9.8 CRITICAL |
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. | |||||
CVE-2024-8073 | 1 Hillstonenet | 1 Web Application Firewall | 2024-09-12 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13. | |||||
CVE-2023-46424 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-12 | N/A | 9.8 CRITICAL |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | |||||
CVE-2024-45824 | 2024-09-12 | N/A | 9.8 CRITICAL | ||
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. | |||||
CVE-2024-44401 | 1 Dlink | 2 Di-8100g, Di-8100g Firmware | 2024-09-12 | N/A | 9.8 CRITICAL |
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file | |||||
CVE-2023-51025 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-09-12 | N/A | 9.8 CRITICAL |
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. | |||||
CVE-2023-51014 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-09-12 | N/A | 9.8 CRITICAL |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi | |||||
CVE-2024-44572 | 2024-09-12 | N/A | 8.8 HIGH | ||
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. | |||||
CVE-2024-44570 | 2024-09-12 | N/A | 8.8 HIGH | ||
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php. | |||||
CVE-2024-44574 | 2024-09-12 | N/A | 8.8 HIGH | ||
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. | |||||
CVE-2024-44577 | 2024-09-12 | N/A | 8.8 HIGH | ||
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. | |||||
CVE-2024-7110 | 1 Gitlab | 1 Gitlab | 2024-09-11 | N/A | 6.4 MEDIUM |
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. |