Total: 2085 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-47562 | 1 Siemens | 1 Sinec Security Monitor | 2024-10-11 | 8.8 High |
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS. | ||||
CVE-2024-44400 | 2 D-link, Dlink | 3 Di-8400 Firmware, Di-8400, Di-8400 Firmware | 2024-10-11 | 8 High |
A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. | ||||
CVE-2023-38921 | 1 Netgear | 4 Wag302v2, Wag302v2 Firmware, Wg302v2 and 1 more | 2024-10-11 | 8.8 High |
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. | ||||
CVE-2023-38928 | 1 Netgear | 2 R7100lg, R7100lg Firmware | 2024-10-11 | 9.8 Critical |
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | ||||
CVE-2023-32782 | 1 Paessler | 1 Prtg Network Monitor | 2024-10-10 | 7.2 High |
A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | ||||
CVE-2023-42136 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-10-10 | 7.8 High |
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | ||||
CVE-2024-9380 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-10 | 7.2 High |
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | ||||
CVE-2023-39001 | 1 Opnsense | 1 Opnsense | 2024-10-10 | 9.8 Critical |
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | ||||
CVE-2023-39008 | 1 Opnsense | 1 Opnsense | 2024-10-10 | 9.8 Critical |
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | ||||
CVE-2023-37154 | 1 Nagios | 1 Plugins | 2024-10-10 | 8.4 High |
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with `${IFS}`. This has been categorized both as fixed in e8810de, and as intended behavior. | ||||
CVE-2024-38817 | 1 Vmware | 3 Cloud Foundation, Nsx, Nsx-t | 2024-10-10 | 6.7 Medium |
VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. | ||||
CVE-2024-4639 | 1 Moxa | 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more | 2024-10-10 | 7.1 High |
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands. | ||||
CVE-2024-28125 | 1 Fitnesse | 1 Fitnesse | 2024-10-10 | 9.8 Critical |
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation. | ||||
CVE-2023-39293 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2024-10-09 | 9.8 Critical |
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. | ||||
CVE-2023-38034 | 2 Ubiquiti, Ui | 49 Unifi Access Points, Unifi Switch Firmware, U6-enterprise and 46 more | 2024-10-09 | 9.8 Critical |
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. | ||||
CVE-2023-40293 | 1 Samsung | 1 Harman Infotainment | 2024-10-09 | 6.8 Medium |
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object. | ||||
CVE-2023-38861 | 1 Wavlink | 3 Wl-wn575a3, Wl-wn575a3 Firmware, Wl Wnj575a3 | 2024-10-09 | 9.8 Critical |
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | ||||
CVE-2023-38862 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-10-09 | 9.8 Critical |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. | ||||
CVE-2023-38863 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-10-09 | 9.8 Critical |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | ||||
CVE-2023-38864 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-10-09 | 9.8 Critical |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. |