Total
2291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45066 | 1 Doverfuelingsolutions | 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more | 2024-10-01 | 10 Critical |
| A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | ||||
| CVE-2024-47177 | 1 Openprinting | 1 Cpdb-libs | 2024-09-30 | 9.1 Critical |
| CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution. | ||||
| CVE-2024-45989 | 1 Butterflyeffectpte | 1 Monica | 2024-09-30 | 4 Medium |
| Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server. | ||||
| CVE-2023-47563 | 1 Qnap | 1 Video Station | 2024-09-28 | 7.4 High |
| An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later | ||||
| CVE-2024-42025 | 2 Ubiquiti, Ui | 2 Unifi Network Application, Unifi Network Application | 2024-09-28 | 7.8 High |
| A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | ||||
| CVE-2024-45682 | 2 Millbeck, Millbeck Communications | 3 Proroute H685t-w, Proroute H685t-w Firmware, Proroute H685t-w | 2024-09-27 | 8.8 High |
| There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | ||||
| CVE-2024-0005 | 1 Purestorage | 4 Flasharray, Flashblade, Purity\/\/fa and 1 more | 2024-09-27 | 9.1 Critical |
| A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | ||||
| CVE-2024-42507 | 1 Arubanetworks | 1 Arubaos | 2024-09-26 | 9.8 Critical |
| Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-42506 | 1 Arubanetworks | 1 Arubaos | 2024-09-26 | 9.8 Critical |
| Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-42505 | 1 Arubanetworks | 1 Arubaos | 2024-09-26 | 9.8 Critical |
| Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-36103 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-09-24 | 8 High |
| Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | ||||
| CVE-2024-33508 | 1 Fortinet | 2 Forticlient Endpoint Management Server, Forticlient Enterprise Management Server | 2024-09-20 | 6.9 Medium |
| An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. | ||||
| CVE-2024-46048 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | 8.8 High |
| Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | ||||
| CVE-2024-7110 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. | ||||
| CVE-2024-38641 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | 7.8 High |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | ||||
| CVE-2024-38486 | 1 Dell | 1 Smartfabric Os10 | 2024-09-13 | 7.5 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2021-38120 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 5.1 Medium |
| A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. | ||||
| CVE-2024-44466 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-09-13 | 9.8 Critical |
| COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. | ||||
| CVE-2024-8073 | 1 Hillstonenet | 1 Web Application Firewall | 2024-09-12 | 9.8 Critical |
| Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13. | ||||
| CVE-2024-44401 | 2 D-link, Dlink | 3 Di-8100, Di-8100g, Di-8100g Firmware | 2024-09-12 | 9.8 Critical |
| D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file | ||||