Total
3673 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-45741 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-01-04 | N/A | 6.8 MEDIUM |
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. | |||||
CVE-2022-39818 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-01-03 | N/A | 8.8 HIGH |
In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system. | |||||
CVE-2023-51035 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-01-03 | N/A | 9.8 CRITICAL |
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | |||||
CVE-2020-17010 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-31 | 7.2 HIGH | 7.8 HIGH |
Win32k Elevation of Privilege Vulnerability | |||||
CVE-2023-51100 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo. | |||||
CVE-2023-51099 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand. | |||||
CVE-2023-51098 | 1 Tenda | 2 W9, W9 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo. | |||||
CVE-2023-51094 | 1 Tenda | 2 M3, M3 Firmware | 2023-12-30 | N/A | 9.8 CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | |||||
CVE-2023-51033 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | |||||
CVE-2023-51028 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | |||||
CVE-2023-50147 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of cstecgi.cgi on the TOTOLINK A3700R router in firmware version V9.1.2u.5822_B20200513. | |||||
CVE-2023-50466 | 1 Weintek | 2 Cmt2078x, Cmt2078x Firmware | 2023-12-29 | N/A | 8.8 HIGH |
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter. | |||||
CVE-2023-50993 | 1 Ruijie | 4 Rg-ws6008, Rg-ws6008 Firmware, Rg-ws6108 and 1 more | 2023-12-29 | N/A | 9.8 CRITICAL |
Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 were discovered to contain a command injection vulnerability via the function downFiles. | |||||
CVE-2023-7002 | 1 Backupbliss | 1 Backup Migration | 2023-12-29 | N/A | 7.2 HIGH |
The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. | |||||
CVE-2023-35895 | 1 Ibm | 1 Informix Jdbc | 2023-12-28 | N/A | 9.8 CRITICAL |
IBM Informix JDBC Driver 4.10 and 4.50 are susceptible to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. | |||||
CVE-2023-44277 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 7.8 HIGH |
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
CVE-2023-44279 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 6.7 MEDIUM |
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability to bypass security restrictions. Exploitation may lead to a system take over by an attacker. | |||||
CVE-2023-48667 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2023-12-27 | N/A | 7.2 HIGH |
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker. | |||||
CVE-2023-48668 | 1 Dell | 1 Powerprotect Data Domain Management Center | 2023-12-27 | N/A | 6.7 MEDIUM |
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. | |||||
CVE-2023-47565 | 1 Qnap | 1 Qvr Firmware | 2023-12-22 | N/A | 8.8 HIGH |
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later |