Filtered by CWE-77
Filtered by vendor Subscriptions
Total 2150 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43591 1 Microsoft 2 Azure Cli, Azure Service Connector 2024-12-10 8.7 High
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
CVE-2024-43497 1 Microsoft 1 Deepspeed 2024-12-10 8.4 High
DeepSpeed Remote Code Execution Vulnerability
CVE-2024-43601 2 Linux, Microsoft 2 Linux Kernel, Visual Studio Code 2024-12-10 7.8 High
Visual Studio Code for Linux Remote Code Execution Vulnerability
CVE-2023-36414 1 Microsoft 1 Azure Identity Sdk 2024-12-10 8.8 High
Azure Identity SDK Remote Code Execution Vulnerability
CVE-2023-36415 1 Microsoft 1 Azure Identity Sdk 2024-12-10 8.8 High
Azure Identity SDK Remote Code Execution Vulnerability
CVE-2023-22935 1 Splunk 2 Splunk, Splunk Cloud Platform 2024-12-10 8.1 High
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
CVE-2023-40598 1 Splunk 2 Splunk, Splunk Cloud Platform 2024-12-10 8.5 High
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.
CVE-2024-36983 1 Splunk 2 Splunk, Splunk Cloud Platform 2024-12-10 8 High
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.
CVE-2024-29946 1 Splunk 2 Cloud, Splunk 2024-12-10 8.1 High
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
CVE-2023-36754 1 Siemens 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more 2024-12-10 9.1 Critical
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVE-2024-53919 2024-12-10 7.6 High
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.
CVE-2024-53672 2024-12-06 4.7 Medium
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
CVE-2024-50388 1 Qnap 1 Hbs 3 2024-12-06 N/A
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later
CVE-2024-51114 1 Beijing Digital China Cloud Technology 1 Imcloud 2024-12-05 8.8 High
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file
CVE-2024-21322 1 Microsoft 1 Defender For Iot 2024-12-05 7.2 High
Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2023-30260 1 Raspap 1 Raspap 2024-12-05 8.8 High
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.
CVE-2024-11665 2 Echarge, Hardy-barth 3 Salia Plcc, Salia Plcc Firmware, Cph2 Echarge Firmware 2024-12-04 8.8 High
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4.
CVE-2023-38034 1 Ui 47 U6-enterprise, U6-enterprise-iw, U6-extender and 44 more 2024-12-04 9.8 Critical
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.
CVE-2023-35972 1 Arubanetworks 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more 2024-12-04 7.2 High
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
CVE-2023-35973 1 Arubanetworks 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more 2024-12-04 7.2 High
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.