CVE-2024-24897

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-77
View all →

Vulnerability Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.

Related Vulnerabilities

CVE-2011-4182

HIGH
CVSS:8.1(High)

Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1...

CWE-772011

CVE-2013-7377

HIGH
CVSS:8.1(High)

The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.

CWE-772013

CVE-2015-10096

HIGH
CVSS:8.1(High)

A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer...

CWE-772015

CVE-2016-0396

HIGH
CVSS:8.1(High)

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected.

CWE-772016

CVE-2016-10843

HIGH
CVSS:8.1(High)

cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).

CWE-772016

CVE-2016-3081

HIGH
CVSS:8.1(High)

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to c...

CWE-772016