Total
3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2024-08-01 | 10.0 HIGH | 9.8 CRITICAL |
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | |||||
CVE-2024-0778 | 1 Uniview | 2 Isc 2500-s, Isc 2500-s Firmware | 2024-08-01 | 7.7 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
CVE-2024-39607 | 2024-08-01 | N/A | 6.8 MEDIUM | ||
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command. | |||||
CVE-2024-42029 | 2024-08-01 | N/A | 6.3 MEDIUM | ||
xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment. | |||||
CVE-2024-41317 | 2024-08-01 | N/A | 8.0 HIGH | ||
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | |||||
CVE-2024-41315 | 2024-08-01 | N/A | 6.8 MEDIUM | ||
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | |||||
CVE-2024-41314 | 2024-08-01 | N/A | 6.8 MEDIUM | ||
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | |||||
CVE-2024-41136 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-08-01 | N/A | 8.8 HIGH |
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2024-40895 | 2024-08-01 | N/A | 6.4 MEDIUM | ||
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension. | |||||
CVE-2024-39202 | 1 Dlink | 2 Dir-823x Ax3000, Dir-823x Ax3000 Firmware | 2024-08-01 | N/A | 8.8 HIGH |
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. | |||||
CVE-2024-36491 | 2024-08-01 | N/A | 9.8 CRITICAL | ||
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition. | |||||
CVE-2024-30645 | 2024-08-01 | N/A | 8.0 HIGH | ||
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. | |||||
CVE-2024-28015 | 2024-08-01 | N/A | 9.8 CRITICAL | ||
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet. | |||||
CVE-2024-26023 | 2024-08-01 | N/A | 4.2 MEDIUM | ||
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. | |||||
CVE-2024-25568 | 2024-08-01 | N/A | 8.8 HIGH | ||
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". | |||||
CVE-2023-24046 | 2024-08-01 | N/A | 6.8 MEDIUM | ||
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. | |||||
CVE-2019-16639 | 2024-08-01 | N/A | 9.8 CRITICAL | ||
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1. | |||||
CVE-2024-22372 | 1 Elecom | 10 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 7 more | 2024-08-01 | N/A | 6.8 MEDIUM |
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | |||||
CVE-2024-24622 | 1 Softaculous | 1 Webuzo | 2024-07-30 | 9.0 HIGH | 8.8 HIGH |
Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | |||||
CVE-2020-11920 | 1 Svakom | 2 Siime Eye, Siime Eye Firmware | 2024-07-30 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root). |