Filtered by CWE-77
Filtered by vendor Subscriptions
Total 2150 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-0005 1 Purestorage 4 Flasharray, Flashblade, Purity\/\/fa and 1 more 2024-09-27 9.1 Critical
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.
CVE-2024-42507 1 Arubanetworks 1 Arubaos 2024-09-26 9.8 Critical
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2024-42506 1 Arubanetworks 1 Arubaos 2024-09-26 9.8 Critical
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2024-42505 1 Arubanetworks 1 Arubaos 2024-09-26 9.8 Critical
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2024-7029 2 Avtec, Avtech 3 Avm1203\/ipcamera\/, Avm1203, Avm1203 Firmware 2024-09-26 8.8 High
Commands can be injected over the network and executed without authentication.
CVE-2023-36103 1 Tenda 2 Ac15, Ac15 Firmware 2024-09-24 8 High
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.
CVE-2024-33508 1 Fortinet 2 Forticlient Endpoint Management Server, Forticlient Enterprise Management Server 2024-09-20 6.9 Medium
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.
CVE-2024-46048 1 Tenda 2 Fh451, Fh451 Firmware 2024-09-20 8.8 High
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i
CVE-2024-7110 1 Gitlab 1 Gitlab 2024-09-17 6.4 Medium
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
CVE-2024-38641 1 Qnap 2 Qts, Quts Hero 2024-09-16 7.8 High
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
CVE-2024-38486 1 Dell 1 Smartfabric Os10 2024-09-13 7.5 High
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2021-38120 1 Microfocus 1 Netiq Advanced Authentication 2024-09-13 5.1 Medium
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
CVE-2024-44466 1 Comfast 2 Cf-xr11, Cf-xr11 Firmware 2024-09-13 9.8 Critical
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.
CVE-2024-8073 1 Hillstonenet 1 Web Application Firewall 2024-09-12 9.8 Critical
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
CVE-2024-45824 1 Rockwellautomation 1 Factorytalk View 2024-09-12 9.8 Critical
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
CVE-2024-44401 2 D-link, Dlink 3 Di-8100, Di-8100g, Di-8100g Firmware 2024-09-12 9.8 Critical
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
CVE-2024-44572 1 Relyum 1 Rely-pcie Firmware 2024-09-12 8.8 High
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function.
CVE-2024-44570 1 Relyum 1 Rely-pcie Firmware 2024-09-12 8.8 High
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php.
CVE-2024-44574 1 Relyum 1 Rely-pcie Firmware 2024-09-12 8.8 High
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.
CVE-2024-44577 1 Relyum 1 Rely-pcie Firmware 2024-09-12 8.8 High
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function.