Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-09 | CVE-2024-39437 | Command Injection vulnerability in Google Android 13.0/14.0 In linkturbonative service, there is a possible command injection due to improper input validation. | 6.7 |
2024-10-09 | CVE-2024-39438 | Command Injection vulnerability in Google Android 13.0/14.0 In linkturbonative service, there is a possible command injection due to improper input validation. | 6.7 |
2024-10-08 | CVE-2024-47562 | Command Injection vulnerability in Siemens Sinec Security Monitor A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). | 8.8 |
2024-10-02 | CVE-2024-20365 | Command Injection vulnerability in Cisco Unified Computing System A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. | 7.2 |
2024-10-02 | CVE-2024-20432 | Command Injection vulnerability in Cisco Nexus Dashboard Fabric Controller A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. | 8.8 |
2024-10-02 | CVE-2024-20492 | Command Injection vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
2024-09-26 | CVE-2024-8405 | Command Injection vulnerability in Papercut NG An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. | 5.5 |
2024-09-25 | CVE-2024-7575 | Command Injection vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 9.8 |
2024-09-25 | CVE-2024-7679 | Command Injection vulnerability in Telerik UI for WPF In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 7.8 |
2024-09-25 | CVE-2024-43693 | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |