Filtered by vendor
Subscriptions
Total
2150 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38228 | 1 Microsoft | 1 Sharepoint Server | 2024-10-09 | 7.2 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2024-38227 | 1 Microsoft | 1 Sharepoint Server | 2024-10-09 | 7.2 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2024-20492 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-10-08 | 6 Medium |
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. | ||||
CVE-2024-20365 | 1 Cisco | 2 Unified Computing System, Unified Computing System Manager Firmware | 2024-10-08 | 6.5 Medium |
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root. | ||||
CVE-2024-20432 | 1 Cisco | 2 Data Center Network Manager, Nexus Dashboard Fabric Controller | 2024-10-08 | 9.9 Critical |
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment. | ||||
CVE-2023-26315 | 1 Mi | 2 Ax9000, Ax9000 Firmware | 2024-10-08 | 6.5 Medium |
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device. | ||||
CVE-2024-44610 | 1 Pcan Ethernet | 1 Gateway Fd | 2024-10-04 | 5.6 Medium |
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. | ||||
CVE-2024-46084 | 1 Scriptcase | 1 Scriptcase | 2024-10-04 | 8 High |
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. | ||||
CVE-2024-7575 | 1 Telerik | 1 Ui For Wpf | 2024-10-03 | 7.8 High |
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | ||||
CVE-2024-8405 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-10-03 | 6.1 Medium |
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712. | ||||
CVE-2024-5480 | 2024-10-02 | 10.0 Critical | ||
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-43693 | 1 Doverfuelingsolutions | 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more | 2024-10-01 | 10 Critical |
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | ||||
CVE-2024-7679 | 1 Telerik | 2 Ui For Winforms, Ui For Wpf | 2024-10-01 | 7.8 High |
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | ||||
CVE-2024-45066 | 1 Doverfuelingsolutions | 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more | 2024-10-01 | 10 Critical |
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | ||||
CVE-2024-47177 | 1 Openprinting | 1 Cpdb-libs | 2024-09-30 | 9.1 Critical |
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution. | ||||
CVE-2024-45989 | 1 Butterflyeffectpte | 1 Monica | 2024-09-30 | 4 Medium |
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server. | ||||
CVE-2023-47563 | 1 Qnap | 1 Video Station | 2024-09-29 | 7.4 High |
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later | ||||
CVE-2024-42025 | 2 Ubiquiti, Ui | 2 Unifi Network Application, Unifi Network Application | 2024-09-28 | 7.8 High |
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | ||||
CVE-2024-45682 | 2 Millbeck, Millbeck Communications | 3 Proroute H685t-w, Proroute H685t-w Firmware, Proroute H685t-w | 2024-09-27 | 8.8 High |
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. | ||||
CVE-2024-7700 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-09-27 | 6.5 Medium |
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. |