Total
3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40072 | 1 Elecom | 4 Wab-s300, Wab-s300 Firmware, Wab-s600-ps and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
| OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier. | |||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-02-27 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | |||||
| CVE-2024-22445 | 1 Dell | 1 Powerprotect Data Manager | 2024-02-27 | N/A | 7.2 HIGH |
| Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2024-1683 | 2024-02-23 | N/A | 7.3 HIGH | ||
| A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services. | |||||
| CVE-2023-51450 | 2024-02-22 | N/A | 5.6 MEDIUM | ||
| baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability. | |||||
| CVE-2024-1212 | 2024-02-22 | N/A | 10.0 CRITICAL | ||
| Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | |||||
| CVE-2023-6260 | 2024-02-21 | N/A | 9.0 CRITICAL | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue affects ACS100 (Network Adjacent Access), ACS300 (Physical Access): from 5.2.4 before 6.2.4.3. | |||||
| CVE-2023-6398 | 2024-02-21 | N/A | 7.2 HIGH | ||
| A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP. | |||||
| CVE-2024-25626 | 2024-02-20 | N/A | 8.8 HIGH | ||
| Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before and included Yocto Project 4.3.1), with the Toaster server (included in bitbake) running, missing input validation allows an attacker to perform a remote code execution in the server's shell via a crafted HTTP request. Authentication is not necessary. Toaster server execution has to be specifically run and is not the default for Bitbake command line builds, it is only used for the Toaster web based user interface to Bitbake. The fix has been backported to the bitbake included with Yocto Project 5.0, 3.1.31, 4.0.16, and 4.3.2. | |||||
| CVE-2024-20720 | 1 Adobe | 1 Commerce | 2024-02-16 | N/A | 9.1 CRITICAL |
| Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-0168 | 1 Dell | 1 Unity Operating Environment | 2024-02-16 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges. | |||||
| CVE-2024-22222 | 1 Dell | 1 Unity Operating Environment | 2024-02-16 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
| CVE-2022-30308 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2024-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||
| CVE-2022-30310 | 1 Festo | 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more | 2024-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | |||||
| CVE-2024-0164 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges. | |||||
| CVE-2024-0165 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | |||||
| CVE-2024-0166 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | |||||
| CVE-2024-0167 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges. | |||||
| CVE-2024-0170 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | |||||
| CVE-2024-22836 | 1 Akaunting | 1 Akaunting | 2024-02-15 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server. | |||||