ReportizFlow
Filtered by vendor
Subscriptions
Total
2282 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33788 | 2024-11-21 | 8.0 High | ||
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | ||||
| CVE-2024-33344 | 1 D-link | 1 Dir-822 | 2024-11-21 | 9.8 Critical |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2024-33342 | 1 D-link | 1 Dir-822 | 2024-11-21 | 7.5 High |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2024-33113 | 2024-11-21 | 5.3 Medium | ||
| D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | ||||
| CVE-2024-32884 | 1 Byron | 1 Gitoxide | 2024-11-21 | 6.4 Medium |
| gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0. | ||||
| CVE-2024-32766 | 2024-11-21 | 10 Critical | ||
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2024-32314 | 1 Tenda | 1 Ac500 | 2024-11-21 | 3.8 Low |
| Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | ||||
| CVE-2024-32292 | 1 Tenda | 1 W30e Firmware | 2024-11-21 | 8.8 High |
| Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | ||||
| CVE-2024-32283 | 1 Tenda | 1 Fh1203 | 2024-11-21 | 7.3 High |
| Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | ||||
| CVE-2024-32282 | 1 Tenda | 1 Fh1202 Firmware | 2024-11-21 | 6.3 Medium |
| Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. | ||||
| CVE-2024-32281 | 1 Tenda | 1 Ac7 Firmware | 2024-11-21 | 8.8 High |
| Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | ||||
| CVE-2024-32027 | 2024-11-21 | 9.1 Critical | ||
| Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py` This vulnerability is fixed in 23.1.5. | ||||
| CVE-2024-32026 | 2024-11-21 | 9.1 Critical | ||
| Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5. | ||||
| CVE-2024-32025 | 2024-11-21 | 9.1 Critical | ||
| Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5. | ||||
| CVE-2024-32022 | 2024-11-21 | 9.1 Critical | ||
| Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to command injection in basic_caption_gui.py. This vulnerability is fixed in 23.1.5. | ||||
| CVE-2024-31811 | 2024-11-21 | 8.0 High | ||
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. | ||||
| CVE-2024-30891 | 2024-11-21 | 8.8 High | ||
| A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. | ||||
| CVE-2024-30850 | 2024-11-21 | 8.8 High | ||
| An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go | ||||
| CVE-2024-30637 | 2024-11-21 | 8.8 High | ||
| Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter. | ||||
| CVE-2024-30368 | 1 A10networks | 1 Advanced Core Operating System | 2024-11-21 | 8.8 High |
| A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517. | ||||