Total
1813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34338 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability. | |||||
| CVE-2024-34218 | 2024-11-21 | N/A | 3.8 LOW | ||
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. | |||||
| CVE-2024-34206 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | |||||
| CVE-2024-34204 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | |||||
| CVE-2024-33789 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | |||||
| CVE-2024-33788 | 2024-11-21 | N/A | 8.0 HIGH | ||
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | |||||
| CVE-2024-33344 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2024-33342 | 2024-11-21 | N/A | 7.5 HIGH | ||
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2024-33113 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | |||||
| CVE-2024-33112 | 2024-11-21 | N/A | 7.5 HIGH | ||
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | |||||
| CVE-2024-32884 | 2024-11-21 | N/A | 6.4 MEDIUM | ||
| gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0. | |||||
| CVE-2024-32766 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2024-32355 | 2024-11-21 | N/A | 8.0 HIGH | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function. | |||||
| CVE-2024-32354 | 2024-11-21 | N/A | 6.0 MEDIUM | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | |||||
| CVE-2024-32353 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. | |||||
| CVE-2024-32349 | 2024-11-21 | N/A | 6.0 MEDIUM | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary. | |||||
| CVE-2024-32314 | 2024-11-21 | N/A | 3.8 LOW | ||
| Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | |||||
| CVE-2024-32292 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | |||||
| CVE-2024-32283 | 2024-11-21 | N/A | 7.3 HIGH | ||
| Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | |||||
| CVE-2024-32282 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | |||||