Total
1755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4944 | 2024-07-09 | N/A | 7.8 HIGH | ||
| A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. | |||||
| CVE-2022-32262 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. | |||||
| CVE-2024-36983 | 2024-07-08 | N/A | 8.0 HIGH | ||
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance. | |||||
| CVE-2024-31485 | 2024-07-04 | N/A | 7.2 HIGH | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | |||||
| CVE-2023-33919 | 1 Siemens | 3 Cp-8031 Master Module, Cp-8050 Master Module, Cpci85 Firmware | 2024-07-04 | N/A | 7.2 HIGH |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | |||||
| CVE-2022-45796 | 1 Sharp | 316 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 313 more | 2024-07-04 | N/A | 7.2 HIGH |
| Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2024-38903 | 2024-07-03 | N/A | 4.1 MEDIUM | ||
| H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. | |||||
| CVE-2024-38896 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. | |||||
| CVE-2024-38894 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. | |||||
| CVE-2024-37642 | 2024-07-03 | N/A | 9.1 CRITICAL | ||
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . | |||||
| CVE-2024-37569 | 1 Mitel | 2 6869i Sip, 6869i Sip Firmware | 2024-07-03 | N/A | 8.8 HIGH |
| An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated user), which is subsequently written to disk. During boot, the hostname parameter is executed as part of a series of shell commands. Attackers can achieve remote code execution in the root context by placing shell metacharacters in the hostname parameter. | |||||
| CVE-2024-34852 | 2024-07-03 | N/A | 6.3 MEDIUM | ||
| F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands. | |||||
| CVE-2024-34338 | 2024-07-03 | N/A | 7.2 HIGH | ||
| Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability. | |||||
| CVE-2024-34218 | 2024-07-03 | N/A | 3.8 LOW | ||
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. | |||||
| CVE-2024-34206 | 2024-07-03 | N/A | 6.5 MEDIUM | ||
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | |||||
| CVE-2024-33789 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | |||||
| CVE-2024-33788 | 2024-07-03 | N/A | 8.0 HIGH | ||
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | |||||
| CVE-2024-33344 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2024-33342 | 2024-07-03 | N/A | 7.5 HIGH | ||
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2024-33113 | 2024-07-03 | N/A | 5.3 MEDIUM | ||
| D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | |||||