Command Injection — 272 CVEs (Page 3/3)

2024-05-03

Medium

CVE-2023-44416

D-Link DAP-2622 Telnet CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DA…

CVSS: 6.8 CWE: CWE-78

High

CVE-2023-42128

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forens…

CVSS: 8.0 CWE: CWE-78

High

CVE-2023-42123

Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Pa…

CVSS: 8.8 CWE: CWE-78

High

CVE-2023-42122

Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel.…

CVSS: 7.8 CWE: CWE-78

High

CVE-2023-42120

Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web…

CVSS: 8.8 CWE: CWE-78

High

CVE-2023-39471

TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL…

CVSS: 8.8 CWE: CWE-78

High

CVE-2023-38120

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Al…

CVSS: 8.8 CWE: CWE-78

Medium

CVE-2023-32153

D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR…

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2023-32151

D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link D…

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2023-32150

D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR…

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2023-32147

D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Lin…

CVSS: 6.8 CWE: CWE-78

2024-04-16

Critical

CVE-2024-3271

A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for th…

CVSS: 9.8 CWE: CWE-77

2024-04-15

High

CVE-2024-2659

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrati…

CVSS: 7.2 CWE: CWE-78

2024-04-10

Critical

CVE-2024-2029

A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription.…

CVSS: 9.8 CWE: CWE-78

2024-04-04

High

CVE-2024-3273

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the…

CVSS: 7.3 CWE: CWE-77

2024-04-03

High

CVE-2024-1180

TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of T…

CVSS: 8.0 CWE: CWE-78

2024-03-27

High

CVE-2024-1540

A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnera…

CVSS: 8.2 CWE: CWE-77

2024-03-06

Medium

CVE-2024-20335

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks…

CVSS: 6.5 CWE: CWE-78

2024-03-05

High

CVE-2024-25613

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a…

CVSS: 7.2 CWE: CWE-77

High

CVE-2024-25612

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a…

CVSS: 7.2 CWE: CWE-77

High

CVE-2024-25611

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a…

CVSS: 7.2 CWE: CWE-77

High

CVE-2024-1356

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a…

CVSS: 7.2 CWE: CWE-77

2023-06-14

Critical

CVE-2023-31746

There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root u…

CVSS: 9.8 CWE: CWE-77

2023-02-06

High

CVE-2023-0669

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled o…

CVSS: 7.2 CWE: CWE-502

2022-11-16

Critical

CVE-2022-40752

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687.

CVSS: 9.8 CWE: CWE-77

2022-05-03

High

CVE-2022-1292

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed.…

CVSS: 7.3 CWE: CWE-78

2021-08-16

Critical

CVE-2021-35395

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface ex…

CVSS: 9.8 CWE: N/A

Critical

CVE-2021-35394

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulne…

CVSS: 9.8 CWE: CWE-78

2021-02-15

High

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization…

CVSS: 8.8 CWE: CWE-78

2021-01-20

Critical

CVE-2021-1264

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input vali…

CVSS: 9.6 CWE: CWE-78

2020-09-02

High

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.

CVSS: 8.8 CWE: CWE-77

2020-07-24

High

CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that t…

CVSS: 7.4 CWE: CWE-78