ReportizFlow
Filtered by vendor
Subscriptions
Total
5443 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28750 | 1 Ifm | 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware | 2024-11-21 | 7.2 High |
| A remote attacker with high privileges may use a deleting file function to inject OS commands. | ||||
| CVE-2024-28749 | 1 Ifm | 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware | 2024-11-21 | 7.2 High |
| A remote attacker with high privileges may use a writing file function to inject OS commands. | ||||
| CVE-2024-28748 | 1 Ifm | 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware | 2024-11-21 | 7.2 High |
| A remote attacker with high privileges may use a reading file function to inject OS commands. | ||||
| CVE-2024-28048 | 2024-11-21 | 9.8 Critical | ||
| OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11. | ||||
| CVE-2024-28033 | 2024-11-21 | 7.3 High | ||
| OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9. | ||||
| CVE-2024-25568 | 2024-11-21 | 8.8 High | ||
| OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". | ||||
| CVE-2024-25002 | 2024-11-21 | 8.8 High | ||
| Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device. | ||||
| CVE-2024-24899 | 2024-11-21 | 7.2 High | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0. | ||||
| CVE-2024-24892 | 2024-11-21 | 8.1 High | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1. | ||||
| CVE-2024-24890 | 2024-11-21 | 7.8 High | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2. | ||||
| CVE-2024-24623 | 1 Softaculous | 1 Webuzo | 2024-11-21 | 8.8 High |
| Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | ||||
| CVE-2024-24622 | 1 Softaculous | 1 Webuzo | 2024-11-21 | 8.8 High |
| Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | ||||
| CVE-2024-24328 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. | ||||
| CVE-2024-24326 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. | ||||
| CVE-2024-23812 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | ||||
| CVE-2024-23058 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | ||||
| CVE-2024-23057 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | ||||
| CVE-2024-22445 | 1 Dell | 1 Powerprotect Data Manager | 2024-11-21 | 7.2 High |
| Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | ||||
| CVE-2024-22222 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | ||||
| CVE-2024-20356 | 2024-11-21 | 8.7 High | ||
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. | ||||