Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32976 | 1 Qnap | 1 Container Station | 2023-10-18 | N/A | 7.2 HIGH |
| An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Container Station 2.6.7.44 and later | |||||
| CVE-2023-27380 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-28381 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-34356 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-35193 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8. | |||||
| CVE-2023-35194 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`. | |||||
| CVE-2021-1514 | 1 Cisco | 23 Catalyst Sd-wan Manager, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 20 more | 2023-10-16 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges. | |||||
| CVE-2023-30806 | 1 Sangfor | 1 Next-gen Application Firewall | 2023-10-13 | N/A | 9.8 CRITICAL |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie. | |||||
| CVE-2023-30805 | 1 Sangfor | 1 Next-gen Application Firewall | 2023-10-13 | N/A | 9.8 CRITICAL |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter. | |||||
| CVE-2023-36618 | 1 Unify | 1 Session Border Controller | 2023-10-06 | N/A | 8.8 HIGH |
| Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users. | |||||
| CVE-2023-43068 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | N/A | 8.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands. | |||||
| CVE-2023-43069 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | N/A | 7.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. | |||||
| CVE-2023-4401 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | N/A | 8.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. | |||||
| CVE-2023-33270 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33269 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33268 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33273 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33272 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33271 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-43893 | 1 Netis-systems | 2 N3m, N3m Firmware | 2023-10-04 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | |||||