ReportizFlow
Filtered by vendor
Subscriptions
Total
2354 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41319 | 1 Totolink | 2 A6000r, A6000r Firmware | 2024-11-21 | 8.8 High |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. | ||||
| CVE-2024-41136 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-11-21 | 6.8 Medium |
| An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2024-41135 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-11-21 | 7.2 High |
| A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise | ||||
| CVE-2024-41134 | 2024-11-21 | 7.2 High | ||
| A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise | ||||
| CVE-2024-41133 | 2024-11-21 | 7.2 High | ||
| A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise | ||||
| CVE-2024-40110 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2024-11-21 | 9.8 Critical |
| Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. | ||||
| CVE-2024-3871 | 2024-11-21 | 9.8 Critical | ||
| The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2. | ||||
| CVE-2024-3271 | 2024-11-21 | N/A | ||
| A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application. | ||||
| CVE-2024-3154 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.2 High |
| A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. | ||||
| CVE-2024-39963 | 1 Tenda | 2 Ax12 Firmware, Ax9 Firmware | 2024-11-21 | 8 High |
| AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg. | ||||
| CVE-2024-39914 | 2024-11-21 | 9.8 Critical | ||
| FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34. | ||||
| CVE-2024-39571 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges. | ||||
| CVE-2024-39570 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges. | ||||
| CVE-2024-39569 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-11-21 | 6.6 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system. | ||||
| CVE-2024-39568 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. | ||||
| CVE-2024-39567 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. | ||||
| CVE-2024-39373 | 1 Markoni | 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more | 2024-11-21 | 7.2 High |
| TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative privileges. | ||||
| CVE-2024-39028 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | ||||
| CVE-2024-38903 | 2024-11-21 | 4.1 Medium | ||
| H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. | ||||
| CVE-2024-38896 | 2024-11-21 | 5.3 Medium | ||
| WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. | ||||