Total
1755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22758 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2023-03-10 | N/A | 7.2 HIGH |
| Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | |||||
| CVE-2023-22747 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2023-03-10 | N/A | 9.8 CRITICAL |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2022-35265 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-03-08 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_nodejs_app/` API. | |||||
| CVE-2022-45462 | 1 Apache | 1 Dolphinscheduler | 2023-03-07 | N/A | 9.8 CRITICAL |
| Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher | |||||
| CVE-2023-26602 | 1 Asus | 1 Asmb8-ikvm Firmware | 2023-03-07 | N/A | 9.8 CRITICAL |
| ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | |||||
| CVE-2022-48259 | 1 Huawei | 2 Bisheng-wnm, Bisheng-wnm Firmware | 2023-03-07 | N/A | 9.8 CRITICAL |
| There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges. | |||||
| CVE-2022-48255 | 1 Huawei | 2 Bisheng-wnm, Bisheng-wnm Firmware | 2023-03-07 | N/A | 9.8 CRITICAL |
| There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. | |||||
| CVE-2023-23080 | 1 Tenda | 10 Cp3, Cp3 Firmware, Cp7 and 7 more | 2023-03-07 | N/A | 9.8 CRITICAL |
| Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908. | |||||
| CVE-2023-23295 | 1 Korenix | 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more | 2023-03-06 | N/A | 8.8 HIGH |
| Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root. | |||||
| CVE-2023-23294 | 1 Korenix | 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more | 2023-03-06 | N/A | 8.8 HIGH |
| Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. | |||||
| CVE-2023-23917 | 1 Rocket.chat | 1 Rocket.chat | 2023-03-03 | N/A | 8.8 HIGH |
| A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well. | |||||
| CVE-2022-45600 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2023-03-03 | N/A | 8.8 HIGH |
| Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | |||||
| CVE-2023-24184 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-03-02 | N/A | 9.8 CRITICAL |
| TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. | |||||
| CVE-2019-1010174 | 2 Cimg, Debian | 2 Cimg Library, Debian Linux | 2023-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4. | |||||
| CVE-2023-25805 | 1 Versionn Project | 1 Versionn | 2023-03-01 | N/A | 9.8 CRITICAL |
| versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0. | |||||
| CVE-2022-40021 | 1 Qvidium | 2 Amino A140, Amino A140 Firmware | 2023-03-01 | N/A | 9.8 CRITICAL |
| QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. | |||||
| CVE-2022-35267 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-03-01 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_https_cert_file/` API. | |||||
| CVE-2023-24238 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | |||||
| CVE-2023-24236 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. | |||||
| CVE-2021-33963 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2023-02-24 | 10.0 HIGH | 9.8 CRITICAL |
| China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. | |||||