Total: 4244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38512 | | | 2024-11-21 | N/A | 7.2 HIGH |
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. | |||||
CVE-2024-38511 | | | 2024-11-21 | N/A | 7.2 HIGH |
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | |||||
CVE-2024-38510 | | | 2024-11-21 | N/A | 7.2 HIGH |
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. | |||||
CVE-2024-38508 | | | 2024-11-21 | N/A | 7.2 HIGH |
A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request. | |||||
CVE-2024-37678 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script. | |||||
CVE-2024-37140 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 8.8 HIGH |
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
CVE-2024-37091 | 1 Stylemixthemes | 1 Consulting Elementor Widgets | 2024-11-21 | N/A | 9.9 CRITICAL |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2. | |||||
CVE-2024-37066 | 1 Wyze | 2 Cam V4, Cam V4 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. | |||||
CVE-2024-36475 | 1 Centurysys | 33 Futurenet Nxr-1200, Futurenet Nxr-1200 Firmware, Futurenet Nxr-120/c and 30 more | 2024-11-21 | N/A | 8.8 HIGH |
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed. | |||||
CVE-2024-36394 | 1 Sysaid | 1 Sysaid | 2024-11-21 | N/A | 9.1 CRITICAL |
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | |||||
CVE-2024-36103 | | | 2024-11-21 | N/A | 6.8 MEDIUM |
OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | |||||
CVE-2024-35306 | | | 2024-11-21 | N/A | N/A |
OS command injection in Ajax PHP files via HTTP request allows execution of system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777. | |||||
CVE-2024-35304 | | | 2024-11-21 | N/A | N/A |
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777. | |||||
CVE-2024-34073 | | | 2024-11-21 | N/A | 7.8 HIGH |
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the “requirements_path” parameter of capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value. | |||||
CVE-2024-34013 | | | 2024-11-21 | N/A | 7.8 HIGH |
Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396. | |||||
CVE-2024-33793 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page. | |||||
CVE-2024-33434 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. | |||||
CVE-2024-32937 | | | 2024-11-21 | N/A | 8.1 HIGH |
An OS command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
CVE-2024-32850 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or log in to the product with the administrator privilege. | |||||
CVE-2024-32766 | | | 2024-11-21 | N/A | 10.0 CRITICAL |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later |