Total
2085 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41637 | | | 2024-08-02 | 8.3 High |
RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password. | ||||
CVE-2024-41133 | | | 2024-08-02 | 7.2 High |
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise. | ||||
CVE-2024-41135 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-08-02 | 7.2 High |
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise. | ||||
CVE-2024-41318 | 1 Totolink | 1 A6000r Firmware | 2024-08-02 | 9.8 Critical |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | ||||
CVE-2024-41316 | 1 Totolink | 1 A6000r Firmware | 2024-08-02 | 9.8 Critical |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | ||||
CVE-2024-41320 | 1 Totolink | 1 A6000r Firmware | 2024-08-02 | 8.8 High |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. | ||||
CVE-2024-41134 | | | 2024-08-02 | 7.2 High |
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise. | ||||
CVE-2024-41319 | 1 Totolink | 2 A6000r, A6000r Firmware | 2024-08-02 | 8.8 High |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. | ||||
CVE-2024-41136 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-08-02 | 6.8 Medium |
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
CVE-2024-40110 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2024-08-02 | 9.8 Critical |
Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. | ||||
CVE-2024-39963 | 1 Tenda | 2 Ax12 Firmware, Ax9 Firmware | 2024-08-02 | 8 High |
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg. | ||||
CVE-2024-39914 | | | 2024-08-02 | 9.8 Critical |
FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34. | ||||
CVE-2024-39567 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-08-02 | 7.8 High |
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. | ||||
CVE-2024-39028 | 1 Seacms | 1 Seacms | 2024-08-02 | 9.8 Critical |
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | ||||
CVE-2024-38903 | | | 2024-08-02 | 4.1 Medium |
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. | ||||
CVE-2024-38896 | | | 2024-08-02 | 5.3 Medium |
WAVLINK WN551K1 was found to contain a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. | ||||
CVE-2024-38894 | | | 2024-08-02 | 5.3 Medium |
WAVLINK WN551K1 was found to contain a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. | ||||
CVE-2024-38492 | | | 2024-08-02 | N/A |
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
CVE-2024-37642 | | | 2024-08-02 | 9.1 Critical |
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping and ipv6_ping parameters at /formSystemCheck. | ||||
CVE-2024-37569 | 1 Mitel | 3 6869i Firmware, 6869i Sip, 6869i Sip Firmware | 2024-08-02 | 8.3 High |
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter. |