Total
1755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20889 | 1 Vmware | 1 Vrealize Network Insight | 2023-06-14 | N/A | 7.5 HIGH |
| Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | |||||
| CVE-2022-40022 | 1 Microchip | 2 Syncserver S650, Syncserver S650 Firmware | 2023-06-14 | N/A | 9.8 CRITICAL |
| Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | |||||
| CVE-2023-33556 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-06-14 | N/A | 9.8 CRITICAL |
| TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | |||||
| CVE-2023-33538 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2023-06-13 | N/A | 8.8 HIGH |
| TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | |||||
| CVE-2023-34111 | 1 Tdengine | 1 Grafana | 2023-06-13 | N/A | 9.8 CRITICAL |
| The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of `${{ github.event.pull_request.title }}` in a bash command within the GitHub workflow. Attackers can inject malicious commands which will be executed by the workflow. This happens because `${{ github.event.pull_request.title }}` is directly passed to bash command on like 25 of the workflow. This may allow an attacker to gain access to secrets which the github action has access to or to otherwise make use of the compute resources. | |||||
| CVE-2023-33782 | 1 Dlink | 2 Dir-842v2, Dir-842v2 Firmware | 2023-06-13 | N/A | 8.8 HIGH |
| D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. | |||||
| CVE-2023-33532 | 1 Netgear | 2 R6250, R6250 Firmware | 2023-06-12 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges. | |||||
| CVE-2019-6986 | 1 Duraspace | 1 Vitro | 2023-06-12 | 5.0 MEDIUM | 7.5 HIGH |
| SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | |||||
| CVE-2023-28704 | 1 Furbo | 2 Dog Camera, Dog Camera Firmware | 2023-06-09 | N/A | 8.8 HIGH |
| Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service. | |||||
| CVE-2023-33722 | 1 Edimax | 2 Br-6288acl, Br-6288acl Firmware | 2023-06-08 | N/A | 8.8 HIGH |
| EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter. | |||||
| CVE-2023-33487 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-06-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. | |||||
| CVE-2023-33486 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-06-06 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. | |||||
| CVE-2023-23952 | 1 Broadcom | 2 Advanced Secure Gateway, Content Analysis | 2023-06-06 | N/A | 9.8 CRITICAL |
| Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. | |||||
| CVE-2022-46361 | 1 Honeywell | 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware | 2023-06-06 | N/A | 6.8 MEDIUM |
| An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2. | |||||
| CVE-2020-29547 | 1 Citadel | 1 Webcit | 2023-06-05 | N/A | 5.9 MEDIUM |
| An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure. | |||||
| CVE-2022-24630 | 1 Audiocodes | 1 Device Manager Express | 2023-06-02 | N/A | 7.2 HIGH |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. | |||||
| CVE-2023-2868 | 1 Barracuda | 10 Email Security Gateway 300, Email Security Gateway 300 Firmware, Email Security Gateway 400 and 7 more | 2023-06-01 | N/A | 9.8 CRITICAL |
| A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances. | |||||
| CVE-2023-31460 | 1 Mitel | 1 Mivoice Connect | 2023-06-01 | N/A | 7.2 HIGH |
| A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. | |||||
| CVE-2023-31996 | 1 Hanwhavision | 236 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 233 more | 2023-05-31 | N/A | 8.8 HIGH |
| Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. | |||||
| CVE-2023-31741 | 1 Linksys | 2 E2000, E2000 Firmware | 2023-05-31 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | |||||