Total: 3673 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-37928 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-06 | N/A | 8.8 HIGH |
A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
CVE-2023-37927 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-06 | N/A | 8.8 HIGH |
The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
CVE-2023-35138 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2023-12-05 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | |||||
CVE-2023-23325 | 1 Zumtobel | 2 Netlink Ccd, Netlink Ccd Firmware | 2023-12-05 | N/A | 9.8 CRITICAL |
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. | |||||
CVE-2023-6201 | 1 Univera | 1 Panorama | 2023-12-05 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0. | |||||
CVE-2023-3741 | 1 Nec | 44 Itk-12d-1\(bk\)tel, Itk-12d-1\(bk\)tel Firmware, Itk-12d-1p\(bk\)tel and 41 more | 2023-12-05 | N/A | 9.8 CRITICAL |
An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device. | |||||
CVE-2023-3368 | 1 Chamilo | 1 Chamilo | 2023-12-04 | N/A | 9.8 CRITICAL |
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960. | |||||
CVE-2022-25173 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | |||||
CVE-2022-25174 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | |||||
CVE-2022-25175 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | |||||
CVE-2023-4221 | 1 Chamilo | 1 Chamilo Lms | 2023-11-30 | N/A | 8.8 HIGH |
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. | |||||
CVE-2023-4222 | 1 Chamilo | 1 Chamilo Lms | 2023-11-30 | N/A | 8.8 HIGH |
Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. | |||||
CVE-2023-35762 | 1 Inea | 2 Me Rtu, Me Rtu Firmware | 2023-11-29 | N/A | 9.8 CRITICAL |
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. | |||||
CVE-2023-43752 | 1 Elecom | 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more | 2023-11-29 | N/A | 8.0 HIGH |
OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | |||||
CVE-2023-6018 | 1 Lfprojects | 1 Mlflow | 2023-11-29 | N/A | 9.8 CRITICAL |
An attacker can overwrite any file on the server hosting MLflow without any authentication. | |||||
CVE-2023-4149 | 1 Wago | 6 0852-0602, 0852-0602 Firmware, 0852-0603 and 3 more | 2023-11-29 | N/A | 9.8 CRITICAL |
A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based management. | |||||
CVE-2023-41109 | 1 Patton | 2 Smartnode Sn200, Smartnode Sn200 Firmware | 2023-11-28 | N/A | 9.8 CRITICAL |
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. | |||||
CVE-2022-20617 | 1 Jenkins | 1 Docker Commons | 2023-11-22 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. | |||||
CVE-2022-27811 | 1 Gnome | 1 Ocrfeeder | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | |||||
CVE-2021-33841 | 1 Circutor | 2 Sge-plc1000, Sge-plc1000 Firmware | 2023-11-22 | 10.0 HIGH | 9.8 CRITICAL |
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. |