Export limit exceeded: 335538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5522 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22651 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 9.8 Critical |
| There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. | ||||
| CVE-2024-22353 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.9 Medium |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. | ||||
| CVE-2024-22198 | 1 Nginxui | 1 Nginx Ui | 2024-11-21 | 7.1 High |
| Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9. | ||||
| CVE-2024-22189 | 1 Redhat | 4 Acm, Ansible Automation Platform, Openshift and 1 more | 2024-11-21 | 7.5 High |
| quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2024-21663 | 1 Demon1a | 1 Discord-recon | 2024-11-21 | 10 Critical |
| Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8. | ||||
| CVE-2024-20321 | 1 Cisco | 1 Nx-os | 2024-11-21 | 8.6 High |
| A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network. | ||||
| CVE-2024-1417 | 2024-11-21 | 7.8 High | ||
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6. | ||||
| CVE-2024-1378 | 1 Github | 1 Enterprise Server | 2024-11-21 | 9.1 Critical |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com . | ||||
| CVE-2024-1369 | 1 Github | 1 Enterprise Server | 2024-11-21 | 9.1 Critical |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com . | ||||
| CVE-2024-0919 | 1 Trendnet | 2 Tew-815dap, Tew-815dap Firmware | 2024-11-21 | 8.8 High |
| A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0507 | 1 Github | 1 Enterprise Server | 2024-11-21 | 6.5 Medium |
| An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-0325 | 1 Perforce | 1 Helix Sync | 2024-11-21 | 3.6 Low |
| In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. | ||||
| CVE-2023-6848 | 1 Kodcloud | 1 Kodbox | 2024-11-21 | 7.3 High |
| A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability. | ||||
| CVE-2023-6071 | 1 Trellix | 1 Enterprise Security Manager | 2024-11-21 | 8.4 High |
| An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source. | ||||
| CVE-2023-5963 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. | ||||
| CVE-2023-5573 | 1 Vrite | 1 Vrite | 2024-11-21 | 6.5 Medium |
| Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0. | ||||
| CVE-2023-5371 | 1 Wireshark | 1 Wireshark | 2024-11-21 | 5.3 Medium |
| RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2023-5332 | 2 Gitlab, Hashicorp | 2 Gitlab, Consul | 2024-11-21 | 5.9 Medium |
| Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE. | ||||
| CVE-2023-5330 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable. | ||||
| CVE-2023-5289 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 8.8 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. | ||||