Total
4020 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22228 | 1 Dell | 1 Unity Operating Environment | 2024-08-01 | 7.8 High |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | ||||
| CVE-2024-21821 | 1 Tp-link | 6 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 3 more | 2024-08-01 | 8.0 High |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | ||||
| CVE-2024-21756 | 1 Fortinet | 1 Fortisandbox | 2024-08-01 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | ||||
| CVE-2024-21773 | 1 Tp-link | 8 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 5 more | 2024-08-01 | 8.8 High |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. | ||||
| CVE-2024-21782 | 2024-08-01 | 6.7 Medium | ||
| BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-21755 | 1 Fortinet | 1 Fortisandbox | 2024-08-01 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests.. | ||||
| CVE-2024-6047 | 2024-08-01 | 9.8 Critical | ||
| Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. | ||||
| CVE-2024-20720 | 1 Adobe | 1 Commerce | 2024-08-01 | 9.1 Critical |
| Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-20328 | 2024-08-01 | 5.3 Medium | ||
| A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-20356 | 2024-08-01 | 8.7 High | ||
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. | ||||
| CVE-2024-20326 | 2024-08-01 | 7.8 High | ||
| A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement when specific CLI commands are used. An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user. | ||||
| CVE-2024-20295 | 2024-08-01 | 8.8 High | ||
| A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | ||||
| CVE-2024-20335 | 2024-08-01 | 6.5 Medium | ||
| A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. | ||||
| CVE-2024-6186 | 2024-08-01 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6187 | 2024-08-01 | 6.3 Medium | ||
| A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6184 | 2024-08-01 | 6.3 Medium | ||
| A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6048 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-08-01 | 9.8 Critical |
| Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server. | ||||
| CVE-2024-5785 | 2024-08-01 | 8 High | ||
| Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”. | ||||
| CVE-2024-5672 | 2024-08-01 | 7.2 High | ||
| A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command. | ||||
| CVE-2024-5421 | 2024-08-01 | N/A | ||
| Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. | ||||