Total
2590 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25951 | 1 Dell | 1 Idrac8 | 2025-01-31 | 8 High |
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. | ||||
CVE-2024-45824 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-31 | 9.8 Critical |
CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. | ||||
CVE-2023-31460 | 1 Mitel | 1 Mivoice Connect | 2025-01-31 | 7.2 High |
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. | ||||
CVE-2023-2373 | 1 Ui | 3 Edgemax Edgerouter Firmware, Er-x, Er-x-sfp | 2025-01-30 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability. | ||||
CVE-2024-4712 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2025-01-30 | 7.8 High |
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation. Note: This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server. | ||||
CVE-2023-31476 | 1 Gl-inet | 4 Gl-mv1000, Gl-mv1000 Firmware, Gl-mv1000w and 1 more | 2025-01-29 | 7.5 High |
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www). | ||||
CVE-2023-30135 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-01-29 | 9.8 Critical |
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | ||||
CVE-2023-26125 | 2 Gin-gonic, Redhat | 5 Gin, Migration Toolkit Applications, Migration Toolkit Virtualization and 2 more | 2025-01-29 | 5.6 Medium |
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic. | ||||
CVE-2023-22788 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-01-28 | 7.2 High |
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
CVE-2023-27407 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-01-28 | 9.9 Critical |
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | ||||
CVE-2023-28832 | 1 Siemens | 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more | 2025-01-28 | 7.2 High |
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | ||||
CVE-2023-31742 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2025-01-28 | 7.2 High |
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | ||||
CVE-2023-30353 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | 9.8 Critical |
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | ||||
CVE-2024-25955 | 1 Dell | 3 Powermax Eem, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-01-27 | 7.2 High |
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | ||||
CVE-2023-31473 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-27 | 4.9 Medium |
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. | ||||
CVE-2023-31531 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | 8.8 High |
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. | ||||
CVE-2023-31530 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | 8.8 High |
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. | ||||
CVE-2023-31529 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | 8.8 High |
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. | ||||
CVE-2023-31528 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2025-01-27 | 8.8 High |
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. | ||||
CVE-2022-29842 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2025-01-24 | 9.8 Critical |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. |