Total
4312 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43385 | 1 Phoenixcontact | 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more | 2024-09-27 | N/A | 8.8 HIGH |
| A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. | |||||
| CVE-2024-7699 | 1 Phoenixcontact | 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more | 2024-09-27 | N/A | 8.8 HIGH |
| An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data. | |||||
| CVE-2024-45682 | 1 Millbeck | 2 Proroute H685t-w, Proroute H685t-w Firmware | 2024-09-27 | N/A | 8.8 HIGH |
| There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | |||||
| CVE-2024-44678 | 2024-09-26 | N/A | 8.0 HIGH | ||
| Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request. | |||||
| CVE-2023-39300 | 1 Qnap | 1 Qts | 2024-09-24 | N/A | 7.2 HIGH |
| An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later | |||||
| CVE-2024-9001 | 1 Totolink | 2 T10, T10 Firmware | 2024-09-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9004 | 1 Dlink | 2 Dar-7000, Dar-7000 Firmware | 2024-09-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-8869 | 1 Totolink | 2 A720r, A720r Firmware | 2024-09-20 | 4.6 MEDIUM | 5.0 MEDIUM |
| A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-20469 | 1 Cisco | 1 Identity Services Engine | 2024-09-20 | N/A | 6.0 MEDIUM |
| A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid Administrator privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | |||||
| CVE-2024-21906 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-20 | N/A | 4.7 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | |||||
| CVE-2024-45798 | 2024-09-20 | N/A | 9.9 CRITICAL | ||
| arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts. | |||||
| CVE-2024-42502 | 2024-09-20 | N/A | 7.2 HIGH | ||
| Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system. | |||||
| CVE-2024-43778 | 2024-09-20 | N/A | 8.8 HIGH | ||
| OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | |||||
| CVE-2024-42503 | 2024-09-20 | N/A | 7.2 HIGH | ||
| Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system. | |||||
| CVE-2023-47105 | 2024-09-20 | N/A | 8.6 HIGH | ||
| exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. | |||||
| CVE-2024-6091 | 1 Agpt | 1 Autogpt | 2024-09-18 | N/A | 9.8 CRITICAL |
| A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami', which is not recognized by the denylist. | |||||
| CVE-2023-34979 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-17 | N/A | 6.6 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2790 build 20240606 and later | |||||
| CVE-2024-38641 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | N/A | 7.8 HIGH |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | |||||
| CVE-2024-8278 | 2024-09-14 | N/A | 7.2 HIGH | ||
| A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. | |||||
| CVE-2024-8279 | 2024-09-14 | N/A | 7.2 HIGH | ||
| A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | |||||