Total: 1755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46410 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function. | |||||
CVE-2023-46409 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function. | |||||
CVE-2023-46408 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function. | |||||
CVE-2023-43510 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-11-01 | N/A | 6.3 MEDIUM |
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | |||||
CVE-2023-38193 | 1 Superwebmailer | 1 Superwebmailer | 2023-10-28 | N/A | 8.8 HIGH |
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. | |||||
CVE-2023-46574 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-10-27 | N/A | 9.8 CRITICAL |
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | |||||
CVE-2022-36786 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2023-10-25 | N/A | 9.9 CRITICAL |
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | |||||
CVE-2021-41116 | 2 Getcomposer, Tenable | 2 Composer, Tenable.sc | 2023-10-25 | 7.5 HIGH | 9.8 CRITICAL |
Composer is an open source dependency manager for the PHP language. In affected versions, Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their Composer version. Other OSs and WSL are not affected. The issue has been resolved in Composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. | |||||
CVE-2023-21413 | 1 Axis | 1 Axis Os | 2023-10-20 | N/A | 7.2 HIGH |
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
CVE-2023-45465 | 1 Netis-systems | 2 N3m, N3m Firmware | 2023-10-19 | N/A | 9.8 CRITICAL |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | |||||
CVE-2023-36954 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2023-10-19 | N/A | 9.8 CRITICAL |
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | |||||
CVE-2023-36953 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2023-10-19 | N/A | 9.8 CRITICAL |
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | |||||
CVE-2023-45852 | 1 Viessmann | 2 Vitogate 300, Vitogate 300 Firmware | 2023-10-18 | N/A | 9.8 CRITICAL |
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | |||||
CVE-2023-26320 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2023-10-16 | N/A | 8.1 HIGH |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | |||||
CVE-2023-26319 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2023-10-16 | N/A | 7.2 HIGH |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | |||||
CVE-2023-45208 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2023-10-16 | N/A | 8.8 HIGH |
A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. | |||||
CVE-2023-45466 | 1 Netis-systems | 2 N3m, N3mv2 Firmware | 2023-10-16 | N/A | 9.8 CRITICAL |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | |||||
CVE-2023-32632 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2023-10-12 | N/A | 9.8 CRITICAL |
A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | |||||
CVE-2023-45351 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2023-10-12 | N/A | 8.8 HIGH |
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | |||||
CVE-2023-45355 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2023-10-12 | N/A | 8.8 HIGH |
Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. |