Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-10-09 CVE-2024-39437 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7
2024-10-09 CVE-2024-39438 Command Injection vulnerability in Google Android 13.0/14.0
In linkturbonative service, there is a possible command injection due to improper input validation.
local
low complexity
google CWE-77
6.7
2024-10-08 CVE-2024-47562 Command Injection vulnerability in Siemens Sinec Security Monitor
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0).
local
low complexity
siemens CWE-77
8.8
2024-10-02 CVE-2024-20365 Command Injection vulnerability in Cisco Unified Computing System
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation.
network
low complexity
cisco CWE-77
7.2
2024-10-02 CVE-2024-20432 Command Injection vulnerability in Cisco Nexus Dashboard Fabric Controller
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. &nbsp; This vulnerability is due to improper user authorization and insufficient validation of command arguments.
network
low complexity
cisco CWE-77
8.8
2024-10-02 CVE-2024-20492 Command Injection vulnerability in Cisco Telepresence Video Communication Server
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-77
6.7
2024-09-26 CVE-2024-8405 Command Injection vulnerability in Papercut NG
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled.
local
low complexity
papercut CWE-77
5.5
2024-09-25 CVE-2024-7575 Command Injection vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
network
low complexity
telerik CWE-77
critical
9.8
2024-09-25 CVE-2024-7679 Command Injection vulnerability in Telerik UI for WPF
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
local
low complexity
telerik CWE-77
7.8
2024-09-25 CVE-2024-43693 Command Injection vulnerability in Doverfuelingsolutions products
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
network
low complexity
doverfuelingsolutions CWE-77
critical
9.8