Total
2086 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-38120 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 5.1 Medium |
A vulnerability identified in Advanced Authentication allows bash command injection in the administrator-controlled backup functionality due to improper handling of provided command parameters. This issue affects NetIQ Advanced Authentication versions before 6.3.5.1. | ||||
CVE-2024-44466 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-09-13 | 9.8 Critical |
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. | ||||
CVE-2024-8073 | 1 Hillstonenet | 1 Web Application Firewall | 2024-09-12 | 9.8 Critical |
Improper Input Validation vulnerability in Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13. | ||||
CVE-2023-46424 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-12 | 9.8 Critical |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | ||||
CVE-2024-45824 | 1 Rockwellautomation | 1 Factorytalk View | 2024-09-12 | 9.8 Critical |
A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. | ||||
CVE-2024-44401 | 2 D-link, Dlink | 3 Di-8100, Di-8100g, Di-8100g Firmware | 2024-09-12 | 9.8 Critical |
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via the sub47A60C function in the upgrade_filter.asp file. | ||||
CVE-2023-51025 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-09-12 | 9.8 Critical |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi. | ||||
CVE-2023-51014 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-09-12 | 9.8 Critical |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of cstecgi.cgi. | ||||
CVE-2024-44572 | 1 Relyum | 1 Rely-pcie Firmware | 2024-09-12 | 8.8 High |
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. | ||||
CVE-2024-44577 | 1 Relyum | 1 Rely-pcie Firmware | 2024-09-12 | 8.8 High |
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. | ||||
CVE-2024-44574 | 1 Relyum | 1 Rely-pcie Firmware | 2024-09-12 | 8.8 High |
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. | ||||
CVE-2024-44570 | 1 Relyum | 1 Rely-pcie Firmware | 2024-09-12 | 8.8 High |
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php. | ||||
CVE-2023-46370 | 1 Tenda | 2 W18e, W18e Firmware | 2024-09-11 | 9.8 Critical |
Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. | ||||
CVE-2023-46574 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-09-11 | 9.8 Critical |
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | ||||
CVE-2023-43510 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-09-11 | 4.7 Medium |
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | ||||
CVE-2023-46408 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-11 | 9.8 Critical |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function. | ||||
CVE-2023-46409 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-11 | 9.8 Critical |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function. | ||||
CVE-2023-46410 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-11 | 9.8 Critical |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function. | ||||
CVE-2023-46423 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-11 | 9.8 Critical |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function. | ||||
CVE-2023-46422 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-09-11 | 9.8 Critical |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function. |