Total
4491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-24326 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. | |||||
| CVE-2024-24091 | 1 Yealink | 1 Yealink Meeting Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | |||||
| CVE-2024-23812 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | N/A | 8.0 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | |||||
| CVE-2024-23789 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. | |||||
| CVE-2024-23109 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | N/A | 10.0 CRITICAL |
| An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
| CVE-2024-23108 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | N/A | 10.0 CRITICAL |
| An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
| CVE-2024-23058 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | |||||
| CVE-2024-23057 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | |||||
| CVE-2024-22445 | 1 Dell | 1 Powerprotect Data Manager | 2024-11-21 | N/A | 7.2 HIGH |
| Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2024-22228 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | |||||
| CVE-2024-22227 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges. | |||||
| CVE-2024-22225 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | |||||
| CVE-2024-22224 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | |||||
| CVE-2024-22223 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
| CVE-2024-22222 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
| CVE-2024-22132 | 1 Sap | 1 Ides Ecc | 2024-11-21 | N/A | 7.4 HIGH |
| SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. | |||||
| CVE-2024-20720 | 1 Adobe | 1 Commerce | 2024-11-21 | N/A | 9.1 CRITICAL |
| Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-20358 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-21 | N/A | 6.0 MEDIUM |
| A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root. | |||||
| CVE-2024-20356 | 2024-11-21 | N/A | 8.7 HIGH | ||
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. | |||||
| CVE-2024-20295 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | |||||