Total
1844 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34153 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-12-02 | N/A | 7.8 HIGH |
| A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. | |||||
| CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-29 | N/A | 10.0 CRITICAL |
| A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | |||||
| CVE-2024-3273 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-11-29 | 7.5 HIGH | 7.3 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2024-21887 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-29 | N/A | 9.1 CRITICAL |
| A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | |||||
| CVE-2024-11013 | 2024-11-29 | N/A | 7.2 HIGH | ||
| Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface. | |||||
| CVE-2024-9076 | 1 Dedecms | 1 Dedecms | 2024-11-28 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-37782 | 2024-11-27 | N/A | 9.8 CRITICAL | ||
| An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field. | |||||
| CVE-2024-33439 | 2024-11-27 | N/A | 9.1 CRITICAL | ||
| An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. | |||||
| CVE-2024-29292 | 2024-11-27 | N/A | 9.1 CRITICAL | ||
| Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. | |||||
| CVE-2023-33298 | 1 Perimeter81 | 1 Xpc Helpertool | 2024-11-27 | N/A | 7.8 HIGH |
| com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. | |||||
| CVE-2024-48747 | 2024-11-26 | N/A | 6.8 MEDIUM | ||
| An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. | |||||
| CVE-2024-53899 | 1 Virtualenv | 1 Virtualenv | 2024-11-26 | N/A | 9.8 CRITICAL |
| virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. | |||||
| CVE-2024-11320 | 1 Pandorafms | 1 Pandora Fms | 2024-11-26 | N/A | 9.8 CRITICAL |
| Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4 | |||||
| CVE-2024-48288 | 2024-11-26 | N/A | N/A | ||
| TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. | |||||
| CVE-2023-20219 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. | |||||
| CVE-2023-20220 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device. | |||||
| CVE-2024-38831 | 2024-11-26 | N/A | 7.8 HIGH | ||
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. | |||||
| CVE-2024-53333 | 2024-11-25 | N/A | 6.3 MEDIUM | ||
| TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. | |||||
| CVE-2024-51027 | 2024-11-25 | N/A | 6.5 MEDIUM | ||
| Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter. | |||||
| CVE-2024-39577 | 1 Dell | 1 Smartfabric Os10 | 2024-11-25 | N/A | 7.1 HIGH |
| Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution. | |||||