Total: 2150 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43591 | 1 Microsoft | 2 Azure Cli, Azure Service Connector | 2024-12-10 | 8.7 High |
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | ||||
CVE-2024-43497 | 1 Microsoft | 1 Deepspeed | 2024-12-10 | 8.4 High |
DeepSpeed Remote Code Execution Vulnerability | ||||
CVE-2024-43601 | 2 Linux, Microsoft | 2 Linux Kernel, Visual Studio Code | 2024-12-10 | 7.8 High |
Visual Studio Code for Linux Remote Code Execution Vulnerability | ||||
CVE-2023-36414 | 1 Microsoft | 1 Azure Identity Sdk | 2024-12-10 | 8.8 High |
Azure Identity SDK Remote Code Execution Vulnerability | ||||
CVE-2023-36415 | 1 Microsoft | 1 Azure Identity Sdk | 2024-12-10 | 8.8 High |
Azure Identity SDK Remote Code Execution Vulnerability | ||||
CVE-2023-22935 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 8.1 High |
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | ||||
CVE-2023-40598 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 8.5 High |
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance. | ||||
CVE-2024-36983 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-12-10 | 8 High |
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance. | ||||
CVE-2024-29946 | 1 Splunk | 2 Cloud, Splunk | 2024-12-10 | 8.1 High |
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. | ||||
CVE-2023-36754 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-12-10 | 9.1 Critical |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | ||||
CVE-2024-53919 | | | 2024-12-10 | 7.6 High |
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root. | ||||
CVE-2024-53672 | | | 2024-12-06 | 4.7 Medium |
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | ||||
CVE-2024-50388 | 1 Qnap | 1 Hbs 3 | 2024-12-06 | N/A |
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later | ||||
CVE-2024-51114 | 1 Beijing Digital China Cloud Technology | 1 Imcloud | 2024-12-05 | 8.8 High |
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file | ||||
CVE-2024-21322 | 1 Microsoft | 1 Defender For Iot | 2024-12-05 | 7.2 High |
Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
CVE-2023-30260 | 1 Raspap | 1 Raspap | 2024-12-05 | 8.8 High |
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. | ||||
CVE-2024-11665 | 2 Echarge, Hardy-barth | 3 Salia Plcc, Salia Plcc Firmware, Cph2 Echarge Firmware | 2024-12-04 | 8.8 High |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection. This issue affects cph2_echarge_firmware: through 2.0.4. | ||||
CVE-2023-38034 | 1 Ui | 47 U6-enterprise, U6-enterprise-iw, U6-extender and 44 more | 2024-12-04 | 9.8 Critical |
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier); All UniFi Switches (Version 6.5.32 and earlier), USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later; update UniFi Switches to Version 6.5.59 or later. | ||||
CVE-2023-35972 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-12-04 | 7.2 High |
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | ||||
CVE-2023-35973 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-12-04 | 7.2 High |
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. |