Total
4011 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7730 | 1 Bestzip Project | 1 Bestzip | 2024-09-16 | 9.8 Critical |
The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. | ||||
CVE-2018-6662 | 2 Apple, Mcafee | 2 Mac Os X, Management Of Native Encryption | 2024-09-16 | 7.8 High |
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. | ||||
CVE-2013-4457 | 1 Thoughtbot | 1 Cocaine | 2024-09-16 | N/A |
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation. | ||||
CVE-2021-34362 | 1 Qnap | 3 Media Streaming Add-on, Qts, Quts Hero | 2024-09-16 | 8.7 High |
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later | ||||
CVE-2018-3937 | 1 Sony | 28 Snc-eb600, Snc-eb600 Firmware, Snc-eb600b and 25 more | 2024-09-16 | N/A |
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2020-29495 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2024-09-16 | 10 Critical |
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. | ||||
CVE-2019-1864 | 1 Cisco | 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more | 2024-09-16 | 8.8 High |
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of the affected software. A successful exploit could allow the attacker, with read-only privileges, to inject and execute arbitrary, system-level commands with root privileges on an affected device. | ||||
CVE-2021-35531 | 1 Hitachienergy | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2024-09-16 | 6.7 Medium |
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | ||||
CVE-2022-24392 | 1 Fidelissecurity | 2 Deception, Network | 2024-09-16 | 8.8 High |
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | ||||
CVE-2023-43959 | 1 Yealink | 2 Sip-t19p-e2, Sip-t19p-e2 Firmware | 2024-09-16 | 8.8 High |
An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. | ||||
CVE-2023-23373 | 1 Qnap | 1 Qusbcam2 | 2024-09-16 | 8.8 High |
An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 ( 2023/06/15 ) and later | ||||
CVE-2024-8190 | 1 Ivanti | 1 Cloud Services Appliance | 2024-09-16 | 7.2 High |
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. | ||||
CVE-2024-38641 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | 7.8 High |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | ||||
CVE-2024-8280 | 1 Lenovo | 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more | 2024-09-14 | 7.2 High |
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file. | ||||
CVE-2024-8278 | 1 Lenovo | 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more | 2024-09-14 | 7.2 High |
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. | ||||
CVE-2024-8279 | 1 Lenovo | 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more | 2024-09-14 | 7.2 High |
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | ||||
CVE-2024-8281 | 1 Lenovo | 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more | 2024-09-14 | 7.2 High |
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell. | ||||
CVE-2023-34974 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-13 | 8.8 High |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later | ||||
CVE-2024-7261 | 1 Zyxel | 58 Nwa110ax, Nwa110ax Firmware, Nwa1123-ac Pro and 55 more | 2024-09-13 | 9.8 Critical |
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. | ||||
CVE-2024-3121 | 1 Lollms | 1 Lollms | 2024-09-13 | 3.3 Low |
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands. |