CVE-2024-1624

CRITICAL Year: 2024
CVSS v3 Score
9.4
Critical
Weakness Type
CWE-78
View all →

Vulnerability Description

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release R2023 through Release R2024. A specially crafted HTTP request can lead to arbitrary command execution.

Related Vulnerabilities

CVE-2020-15123

CRITICAL
CVSS:9.3(Critical)

In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly w...

CWE-782020

CVE-2024-0815

CRITICAL
CVSS:9.3(Critical)

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0

CWE-782024

CVE-2020-15121

CRITICAL
CVSS:9.6(Critical)

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger t...

CWE-782020

CVE-2020-15272

CRITICAL
CVSS:9.6(Critical)

In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to ...

CWE-782020

CVE-2022-21178

CRITICAL
CVSS:9.6(Critical)

An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary comman...

CWE-782022

CVE-2022-22140

CRITICAL
CVSS:9.6(Critical)

An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command e...

CWE-782022