Filtered by CWE-77
Total 2150 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-38228 1 Microsoft 1 Sharepoint Server 2024-10-09 7.2 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38227 1 Microsoft 1 Sharepoint Server 2024-10-09 7.2 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-20492 1 Cisco 1 Telepresence Video Communication Server 2024-10-08 6 Medium
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
CVE-2024-20365 1 Cisco 2 Unified Computing System, Unified Computing System Manager Firmware 2024-10-08 6.5 Medium
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root.
CVE-2024-20432 1 Cisco 2 Data Center Network Manager, Nexus Dashboard Fabric Controller 2024-10-08 9.9 Critical
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment.
CVE-2023-26315 1 Mi 2 Ax9000, Ax9000 Firmware 2024-10-08 6.5 Medium
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
CVE-2024-44610 1 Pcan Ethernet 1 Gateway Fd 2024-10-04 5.6 Medium
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
CVE-2024-46084 1 Scriptcase 1 Scriptcase 2024-10-04 8 High
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.
CVE-2024-7575 1 Telerik 1 Ui For Wpf 2024-10-03 7.8 High
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
CVE-2024-8405 1 Papercut 2 Papercut Mf, Papercut Ng 2024-10-03 6.1 Medium
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712.
CVE-2024-5480 2024-10-02 10.0 Critical
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-43693 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 10 Critical
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
CVE-2024-7679 1 Telerik 2 Ui For Winforms, Ui For Wpf 2024-10-01 7.8 High
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
CVE-2024-45066 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 10 Critical
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
CVE-2024-47177 1 Openprinting 1 Cpdb-libs 2024-09-30 9.1 Critical
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user-controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution.
CVE-2024-45989 1 Butterflyeffectpte 1 Monica 2024-09-30 4 Medium
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify the chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server.
CVE-2023-47563 1 Qnap 1 Video Station 2024-09-29 7.4 High
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later.
CVE-2024-42025 2 Ubiquiti, Ui 2 Unifi Network Application, Unifi Network Application 2024-09-28 7.8 High
A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
CVE-2024-45682 2 Millbeck, Millbeck Communications 3 Proroute H685t-w, Proroute H685t-w Firmware, Proroute H685t-w 2024-09-27 8.8 High
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
CVE-2024-7700 2 Redhat, Theforeman 2 Satellite, Foreman 2024-09-27 6.5 Medium
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script.