Total
1813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40301 | 1 Netscout | 1 Ngeniuspulse | 2024-11-21 | N/A | 9.8 CRITICAL |
| NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. | |||||
| CVE-2023-40293 | 1 Samsung | 1 Harman Infotainment | 2024-11-21 | N/A | 6.8 MEDIUM |
| Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object. | |||||
| CVE-2023-40263 | 1 Unify | 1 Openscape Voice Trace Manager V8 | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp. | |||||
| CVE-2023-40146 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability. | |||||
| CVE-2023-3739 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | N/A | 6.3 MEDIUM |
| Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low) | |||||
| CVE-2023-3718 | 1 Hpe | 27 Aruba Cx 10000-48y6, Aruba Cx 4100i, Aruba Cx 6000 12g and 24 more | 2024-11-21 | N/A | 8.8 HIGH |
| An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. | |||||
| CVE-2023-3710 | 1 Honeywell | 2 Pm43, Pm43 Firmware | 2024-11-21 | N/A | 9.9 CRITICAL |
| Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | |||||
| CVE-2023-3206 | 1 Feiyuxing | 2 Vec40g, Vec40g Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=restart. The manipulation of the argument restart with the input reboot leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-39834 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. | |||||
| CVE-2023-39809 | 1 Nvki | 1 Intelligent Broadband Subscriber Gateway | 2024-11-21 | N/A | 9.8 CRITICAL |
| N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php. | |||||
| CVE-2023-39780 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability. | |||||
| CVE-2023-39638 | 1 Dlink | 2 Dir-859 A1, Dir-859 A1 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. | |||||
| CVE-2023-39637 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. | |||||
| CVE-2023-39618 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. | |||||
| CVE-2023-39617 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | |||||
| CVE-2023-39523 | 1 Nexb | 1 Scancode.io | 2024-11-21 | N/A | 6.8 MEDIUM |
| ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the `docker_reference` parameter. In the function `scanpipe/pipes/fetch.py:fetch_docker_image` the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`. However, the `get_docker_image_plaform` function constructs a shell command with the passed `docker_reference`. The `pipes.run_command` then executes the shell command without any prior sanitization, making the function vulnerable to command injections. A malicious user who is able to create or add inputs to a project can inject commands. Although the command injections are blind and the user will not receive direct feedback without logs, it is still possible to cause damage to the server/container. The vulnerability appears for example if a malicious user adds a semicolon after the input of `docker://;`, it would allow appending malicious commands. Version 32.5.1 contains a patch for this issue. The `docker_reference` input should be sanitized to avoid command injections and, as a workaround, one may avoid creating commands with user controlled input directly. | |||||
| CVE-2023-39509 | 1 Bosch | 4 Cpp13, Cpp13 Firmware, Cpp14 and 1 more | 2024-11-21 | N/A | 7.2 HIGH |
| A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | |||||
| CVE-2023-39293 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. | |||||
| CVE-2023-39008 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | |||||
| CVE-2023-39001 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | |||||