Export limit exceeded: 349371 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349371 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349371 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6231 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22532 | 1 Microfocus | 1 Edirectory | 2024-09-19 | 7.6 High |
| Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000. | ||||
| CVE-2024-7110 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.4 Medium |
| An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. | ||||
| CVE-2024-38641 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | 7.8 High |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | ||||
| CVE-2024-38486 | 1 Dell | 1 Smartfabric Os10 | 2024-09-13 | 7.5 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2021-38120 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | 5.1 Medium |
| A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. | ||||
| CVE-2024-44466 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-09-13 | 9.8 Critical |
| COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. | ||||
| CVE-2024-43783 | 1 Apollographql | 3 Apollo-router, Apollo Helms-charts Router, Apollo Router | 2024-09-12 | 7.5 High |
| The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of service vulnerability if _all_ of the following are true: 1. The Apollo Router has been configured to support [External Coprocessing](https://www.apollographql.com/docs/router/customizations/coprocessor). 2. The Apollo Router has been configured to send request bodies to coprocessors. This is a non-default configuration and must be configured intentionally by administrators. Instances of the Apollo Router running versions >=1.7.0 and <1.52.1 are impacted by a denial-of-service vulnerability if all of the following are true: 1. Router has been configured to use a custom-developed Native Rust Plugin. 2. The plugin accesses Request.router_request in the RouterService layer. 3. You are accumulating the body from Request.router_request into memory. If using an impacted configuration, the Router will load entire HTTP request bodies into memory without respect to other HTTP request size-limiting configurations like limits.http_max_request_bytes. This can cause the Router to be out-of-memory (OOM) terminated if a sufficiently large request is sent to the Router. By default, the Router sets limits.http_max_request_bytes to 2 MB. If you have an impacted configuration as defined above, please upgrade to at least Apollo Router 1.52.1. If you cannot upgrade, you can mitigate the denial-of-service opportunity impacting External Coprocessors by setting the coprocessor.router.request.body configuration option to false. Please note that changing this configuration option will change the information sent to any coprocessors you have configured and may impact functionality implemented by those coprocessors. If you have developed a Native Rust Plugin and cannot upgrade, you can update your plugin to either not accumulate the request body or enforce a maximum body size limit. You can also mitigate this issue by limiting HTTP body payload sizes prior to the Router (e.g., in a proxy or web application firewall appliance). | ||||
| CVE-2024-8073 | 1 Hillstonenet | 1 Web Application Firewall | 2024-09-12 | 9.8 Critical |
| Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13. | ||||
| CVE-2024-8391 | 3 Eclipse, Eclipse Foundation, Redhat | 6 Vert.x, Vert.x, Camel Quarkus and 3 more | 2024-09-12 | 7.5 High |
| In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc) | ||||
| CVE-2024-44401 | 2 D-link, Dlink | 3 Di-8100, Di-8100g, Di-8100g Firmware | 2024-09-12 | 9.8 Critical |
| D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file | ||||
| CVE-2024-41175 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | 5.5 Medium |
| The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. | ||||
| CVE-2024-44844 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-09-11 | 8 High |
| DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. | ||||
| CVE-2024-44845 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-09-11 | 8 High |
| DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. | ||||
| CVE-2024-7436 | 2 D-link, Dlink | 3 Di-8100, Di-8100, Di-8100 Firmware | 2024-09-11 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability. | ||||
| CVE-2024-21903 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | 6.6 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | ||||
| CVE-2024-44410 | 2 D-link, Dlink | 3 Di-8300, Di-8300, Di-8300 Firmware | 2024-09-10 | 9.8 Critical |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. | ||||
| CVE-2024-44402 | 2 D-link, Dlink | 3 Di-8100g, Di-8100g, Di-8100g Firmware | 2024-09-10 | 9.8 Critical |
| D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. | ||||
| CVE-2024-42348 | 1 Fogproject | 1 Fogproject | 2024-09-10 | 9.3 Critical |
| FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395. | ||||
| CVE-2024-44383 | 1 Wayos | 2 Fbm-291w, Fbm-291w Firmware | 2024-09-05 | 8 High |
| WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. | ||||
| CVE-2024-21658 | 1 Discourse | 1 Discourse Calendar | 2024-09-05 | 4.3 Medium |
| discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible. | ||||