Total
3876 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-20483 | 1 Cisco | 1 Ios Xr | 2024-09-20 | 7.2 High |
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller. | ||||
CVE-2024-45698 | 1 Dlink | 3 Dir-4860 A1, Dir-x4860, Dir-x4860 Firmware | 2024-09-19 | 8.8 High |
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | ||||
CVE-2024-9004 | 2024-09-19 | 6.3 Medium | ||
A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2023-36547 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 9.6 Critical |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | ||||
CVE-2024-9001 | 1 Totolink | 1 T10 | 2024-09-19 | 6.3 Medium |
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-34116 | 1 Zoom | 1 Zoom | 2024-09-19 | 8.2 High |
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | ||||
CVE-2024-20399 | 1 Cisco | 201 Mds 9000, Mds 9100, Mds 9132t and 198 more | 2024-09-19 | 6 Medium |
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges: Nexus 3000 Series Switches Nexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later Nexus 9000 Series Switches in standalone NX-OS mode | ||||
CVE-2023-34993 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 9.6 Critical |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | ||||
CVE-2023-36550 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 9.6 Critical |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | ||||
CVE-2023-34989 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
CVE-2023-34987 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
CVE-2023-34986 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
CVE-2023-34985 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
CVE-2023-4401 | 1 Dell | 1 Smartfabric Storage Software | 2024-09-19 | 7.8 High |
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. | ||||
CVE-2023-43068 | 1 Dell | 1 Smartfabric Storage Software | 2024-09-19 | 7.8 High |
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands. | ||||
CVE-2023-34988 | 1 Fortinet | 1 Fortiwlm | 2024-09-19 | 8.6 High |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
CVE-2023-43069 | 1 Dell | 1 Smartfabric Storage Software | 2024-09-19 | 7.8 High |
Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. | ||||
CVE-2023-26153 | 1 Geokit | 1 Geokit-rails | 2024-09-19 | 8.3 High |
Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system. | ||||
CVE-2024-7591 | 1 Kemptechnologies | 3 Loadmaster, Loadmaster Mt, Multi-tenant Hypervisor Firmware | 2024-09-19 | 10 Critical |
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above | ||||
CVE-2024-41815 | 1 Starship | 1 Starship | 2024-09-19 | 7.4 High |
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability. |