Total
5154 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29640 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. | |||||
| CVE-2024-29167 | 2024-11-21 | N/A | 7.2 HIGH | ||
| SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | |||||
| CVE-2024-28750 | 2024-11-21 | N/A | 7.2 HIGH | ||
| A remote attacker with high privileges may use a deleting file function to inject OS commands. | |||||
| CVE-2024-28749 | 2024-11-21 | N/A | 7.2 HIGH | ||
| A remote attacker with high privileges may use a writing file function to inject OS commands. | |||||
| CVE-2024-28748 | 2024-11-21 | N/A | 7.2 HIGH | ||
| A remote attacker with high privileges may use a reading file function to inject OS commands. | |||||
| CVE-2024-28048 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11. | |||||
| CVE-2024-28033 | 2024-11-21 | N/A | 7.3 HIGH | ||
| OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9. | |||||
| CVE-2024-27172 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-25568 | 2024-11-21 | N/A | 8.8 HIGH | ||
| OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". | |||||
| CVE-2024-24623 | 1 Softaculous | 1 Webuzo | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | |||||
| CVE-2024-24622 | 1 Softaculous | 1 Webuzo | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | |||||
| CVE-2024-24328 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. | |||||
| CVE-2024-24326 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. | |||||
| CVE-2024-24091 | 1 Yealink | 1 Yealink Meeting Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | |||||
| CVE-2024-23812 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | N/A | 8.0 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | |||||
| CVE-2024-23058 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | |||||
| CVE-2024-23057 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | |||||
| CVE-2024-22445 | 1 Dell | 1 Powerprotect Data Manager | 2024-11-21 | N/A | 7.2 HIGH |
| Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2024-22228 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | |||||
| CVE-2024-22227 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges. | |||||