Total: 3597 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22228 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges. | |||||
| CVE-2024-22227 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to execute commands with root privileges. | |||||
| CVE-2024-22225 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | |||||
| CVE-2024-22224 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges. | |||||
| CVE-2024-22223 | 1 Dell | 1 Unity Operating Environment | 2024-02-15 | N/A | 7.8 HIGH |
| Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
| CVE-2024-26260 | | | 2024-02-15 | N/A | 9.8 CRITICAL |
| The synchronization functionality in certain HGiga OAKlouds modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission. | |||||
| CVE-2024-1367 | | | 2024-02-15 | N/A | 7.2 HIGH |
| A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. | |||||
| CVE-2023-50358 | | | 2024-02-15 | N/A | 5.8 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QTS 4.3.6.2665 build 20240131 and later; QTS 4.3.4.2675 build 20240131 and later; QTS 4.3.3.2644 build 20240131 and later; QTS 4.2.6 build 20240131 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | |||||
| CVE-2023-47218 | | | 2024-02-15 | N/A | 5.8 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. | |||||
| CVE-2024-21782 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
| BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-43466 | 1 Buffalo | 20 Wex-1800ax4, Wex-1800ax4 Firmware, Wex-1800ax4ea and 17 more | 2024-02-14 | N/A | 6.8 MEDIUM |
| OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. | |||||
| CVE-2022-43443 | 1 Buffalo | 22 Wcr-1166ds, Wcr-1166ds Firmware, Wsr-2533dhp and 19 more | 2024-02-14 | N/A | 8.8 HIGH |
| OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | |||||
| CVE-2021-42969 | 1 Anaconda | 1 Anaconda3 | 2024-02-14 | 9.3 HIGH | 8.8 HIGH |
| Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed. | |||||
| CVE-2021-42872 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-02-14 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | |||||
| CVE-2021-42875 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-02-14 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | |||||
| CVE-2022-30079 | 1 Netgear | 1 R6200 | 2024-02-14 | N/A | 8.8 HIGH |
| A command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. | |||||
| CVE-2018-5371 | 2 D-link, Dlink | 4 Dsl-2540u Firmware, Dsl-2640u Firmware, Dsl-2540u and 1 more | 2024-02-14 | 9.0 HIGH | 8.8 HIGH |
| diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | |||||
| CVE-2022-30078 | 1 Netgear | 4 R6200, R6200 Firmware, R6300 and 1 more | 2024-02-14 | N/A | 8.8 HIGH |
| NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary commands via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters. | |||||
| CVE-2009-2011 | 2 Dxstudio, Mozilla | 2 Dx Studio Player, Firefox | 2024-02-14 | 9.3 HIGH | N/A |
| Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method. | |||||
| CVE-2021-38306 | 1 Lg | 3 N1t1, N1t1 Firmware, N1t1dd1 | 2024-02-14 | 10.0 HIGH | 9.8 CRITICAL |
| Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter. | |||||
