Total
1755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37679 | 1 Nextgen | 1 Mirth Connect | 2024-01-31 | N/A | 9.8 CRITICAL |
| A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | |||||
| CVE-2023-52038 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-01-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | |||||
| CVE-2023-52039 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-01-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | |||||
| CVE-2023-52040 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-01-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. | |||||
| CVE-2024-22651 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-01-30 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. | |||||
| CVE-2023-50274 | 1 Hp | 1 Oneview | 2024-01-29 | N/A | 7.8 HIGH |
| HPE OneView may allow command injection with local privilege escalation. | |||||
| CVE-2023-24135 | 1 Jensenofscandinavia | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2024-01-29 | N/A | 7.8 HIGH |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter. | |||||
| CVE-2024-22663 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-01-29 | N/A | 9.8 CRITICAL |
| TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | |||||
| CVE-2023-20237 | 1 Cisco | 4 Intersight Assist, Intersight Connected Virtual Appliance, Intersight Private Virtual Appliance and 1 more | 2024-01-25 | N/A | 4.3 MEDIUM |
| A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level. | |||||
| CVE-2023-20220 | 1 Cisco | 1 Firepower Management Center | 2024-01-25 | N/A | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device. | |||||
| CVE-2023-20219 | 1 Cisco | 1 Firepower Management Center | 2024-01-25 | N/A | 8.8 HIGH |
| Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. | |||||
| CVE-2023-20209 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-01-25 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges. | |||||
| CVE-2023-20170 | 1 Cisco | 1 Identity Services Engine | 2024-01-25 | N/A | 6.7 MEDIUM |
| A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | |||||
| CVE-2023-20118 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2024-01-25 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability. | |||||
| CVE-2023-20075 | 1 Cisco | 1 Email Security Appliance | 2024-01-25 | N/A | 6.7 MEDIUM |
| Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. | |||||
| CVE-2023-20045 | 1 Cisco | 8 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 5 more | 2024-01-25 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device. | |||||
| CVE-2023-20026 | 1 Cisco | 8 Rv016, Rv016 Firmware, Rv042 and 5 more | 2024-01-25 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. | |||||
| CVE-2023-20017 | 1 Cisco | 1 Intersight Private Virtual Appliance | 2024-01-25 | N/A | 9.1 CRITICAL |
| Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. | |||||
| CVE-2023-20013 | 1 Cisco | 1 Intersight Private Virtual Appliance | 2024-01-25 | N/A | 9.1 CRITICAL |
| Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. | |||||
| CVE-2022-20934 | 1 Cisco | 2 Firepower Extensible Operating System, Firepower Threat Defense | 2024-01-25 | N/A | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. | |||||