Total
4781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43959 | 1 Yealink | 2 Sip-t19p-e2, Sip-t19p-e2 Firmware | 2024-11-21 | 8.8 High |
| An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. | ||||
| CVE-2023-43893 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | 9.8 Critical |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | ||||
| CVE-2023-43890 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | 8.8 High |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | ||||
| CVE-2023-43752 | 1 Elecom | 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more | 2024-11-21 | 8.0 High |
| OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | ||||
| CVE-2023-43744 | 1 Zultys | 12 Mx-e, Mx-e Firmware, Mx-se and 9 more | 2024-11-21 | 7.2 High |
| An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command. | ||||
| CVE-2023-43139 | 1 Franfinance | 1 Franfinance | 2024-11-21 | 9.8 Critical |
| An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components. | ||||
| CVE-2023-43130 | 2 D-link, Dlink | 3 Dir-806 1200m11ac, Dir-806, Dir-806 Firmware | 2024-11-21 | 9.8 Critical |
| D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. | ||||
| CVE-2023-43129 | 2 D-link, Dlink | 3 Dir-806 1200m11ac, Dir-806, Dir-806 Firmware | 2024-11-21 | 9.8 Critical |
| D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. | ||||
| CVE-2023-43069 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | 7.8 High |
| Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. | ||||
| CVE-2023-43068 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | 7.8 High |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands. | ||||
| CVE-2023-43066 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 5.1 Medium |
| Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. | ||||
| CVE-2023-42495 | 1 Dasannetworks | 1 W-web | 2024-11-21 | 9.8 Critical |
| Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | ||||
| CVE-2023-41838 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.9 Medium |
| An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. | ||||
| CVE-2023-41352 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-11-21 | 7.2 High |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | ||||
| CVE-2023-41348 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | ||||
| CVE-2023-41347 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | ||||
| CVE-2023-41346 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | ||||
| CVE-2023-41345 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. | ||||
| CVE-2023-41283 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.5 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-41149 | 1 F-revocrm | 1 F-revocrm | 2024-11-21 | 9.8 Critical |
| F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running. | ||||