Total
4635 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9474 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-20 | N/A | 7.2 HIGH |
| A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | |||||
| CVE-2020-21583 | 1 Kernel | 1 Util-linux | 2024-12-20 | N/A | 6.7 MEDIUM |
| An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date. | |||||
| CVE-2023-23356 | 2024-12-19 | N/A | 5.5 MEDIUM | ||
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later | |||||
| CVE-2023-51450 | 1 Basercms | 1 Basercms | 2024-12-18 | N/A | 5.6 MEDIUM |
| baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability. | |||||
| CVE-2024-21786 | 1 Mc-technologies | 2 Mc Lr Router, Mc Lr Router Firmware | 2024-12-18 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2024-53688 | 2024-12-18 | N/A | 7.2 HIGH | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request. | |||||
| CVE-2024-47133 | 2024-12-18 | N/A | 7.2 HIGH | ||
| UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. | |||||
| CVE-2024-29224 | 1 Mayuresh82 | 1 Gocast | 2024-12-17 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2024-53375 | 2024-12-17 | N/A | 8.0 HIGH | ||
| An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality. | |||||
| CVE-2024-53376 | 2024-12-17 | N/A | 8.8 HIGH | ||
| CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI. | |||||
| CVE-2022-48472 | 1 Huawei | 3 Bisheng-wnm, Bisheng-wnm Firmware, Ota-bisheng Firmware | 2024-12-17 | N/A | 9.8 CRITICAL |
| A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211. | |||||
| CVE-2024-1683 | 1 Tenable | 1 Identity Exposure | 2024-12-17 | N/A | 7.3 HIGH |
| A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services. | |||||
| CVE-2024-10966 | 1 Totolink | 2 X18, X18 Firmware | 2024-12-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-2353 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-12-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-34800 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-12-16 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main. | |||||
| CVE-2023-25925 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-12-13 | N/A | 8.5 HIGH |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632. | |||||
| CVE-2024-42057 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-12-13 | N/A | 8.1 HIGH |
| A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists. | |||||
| CVE-2024-42060 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-12-13 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device. | |||||
| CVE-2024-42059 | 1 Zyxel | 16 Atp100, Atp100w, Atp200 and 13 more | 2024-12-13 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP. | |||||
| CVE-2024-7203 | 1 Zyxel | 15 Atp100, Atp100w, Atp200 and 12 more | 2024-12-13 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command. | |||||