Total: 2150 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-12111 | | | 2024-12-20 | 8 High | In a specific scenario an LDAP user can abuse the authentication process in OpenText Privileged Access Manager, allowing authentication bypass. This issue affects Privileged Access Manager versions 23.3(4.4) and 24.3(4.5).
CVE-2022-32203 | | | 2024-12-20 | 9.8 Critical | There is a command injection vulnerability in a Huawei terminal printer product. Successful exploitation could result in the highest privileges on the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32203.
CVE-2024-49026 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-12-20 | 7.8 High | Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-43613 | | | 2024-12-20 | 7.2 High | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-49042 | | | 2024-12-20 | 7.2 High | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-12356 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2024-12-20 | 9.8 Critical | A critical vulnerability has been discovered in the Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
CVE-2024-55956 | 1 Cleo | 3 Harmony, Lexicom, Vltrader | 2024-12-20 | 9.8 Critical | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
CVE-2024-42427 | 1 Dell | 2 Wyse Proprietary Os, Wyse Thinos | 2024-12-20 | 7.6 High | Dell ThinOS versions 2402 and 2405 contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to elevation of privileges.
CVE-2010-5330 | 1 Ui | 1 Airos | 2024-12-19 | 9.8 Critical | On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
CVE-2023-23356 | | | 2024-12-19 | 5.5 Medium | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later.
CVE-2024-49194 | | | 2024-12-18 | 7.3 High | Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile.
CVE-2023-24032 | 1 Zimbra | 1 Collaboration | 2024-12-18 | 7.8 High | In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of the JVM arguments, leading to local privilege escalation (LPE).
CVE-2024-39703 | | | 2024-12-18 | 8.8 High | In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint.
CVE-2020-10826 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-12-18 | 9.8 Critical | /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
CVE-2024-10966 | 1 Totolink | 2 X18, X18 Firmware | 2024-12-17 | 6.3 Medium | A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-56087 | | | 2024-12-16 | 5.9 Medium | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying a Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVE-2024-56086 | | | 2024-12-16 | 7.1 High | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.
CVE-2024-56085 | | | 2024-12-16 | 5.9 Medium | An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating a Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
CVE-2024-56084 | | | 2024-12-16 | 7.1 High | An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating a Universal Normalizer. These are executed, leading to Remote Code Execution.
CVE-2024-11634 | | | 2024-12-14 | 9.1 Critical | Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)