Total
1813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36457 | 1 Fit2cloud | 1 1panel | 2024-11-21 | N/A | 6.3 MEDIUM |
| 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6. | |||||
| CVE-2023-36415 | 1 Microsoft | 1 Azure Identity Sdk | 2024-11-21 | N/A | 8.8 HIGH |
| Azure Identity SDK Remote Code Execution Vulnerability | |||||
| CVE-2023-36414 | 1 Microsoft | 1 Azure Identity Sdk | 2024-11-21 | N/A | 8.8 HIGH |
| Azure Identity SDK Remote Code Execution Vulnerability | |||||
| CVE-2023-35974 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2023-35973 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2023-35972 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-11-21 | N/A | 7.2 HIGH |
| An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | |||||
| CVE-2023-35390 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.8 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-35035 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-11-21 | N/A | 8.8 HIGH |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557. | |||||
| CVE-2023-35033 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-11-21 | N/A | 8.8 HIGH |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556. | |||||
| CVE-2023-35032 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-11-21 | N/A | 8.8 HIGH |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554. | |||||
| CVE-2023-35031 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-11-21 | N/A | 8.8 HIGH |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036. | |||||
| CVE-2023-34999 | 1 Bosch | 1 Rts Vlink Virtual Matrix | 2024-11-21 | N/A | 8.4 HIGH |
| A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. | |||||
| CVE-2023-34960 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. | |||||
| CVE-2023-34849 | 1 Ikuai8 | 1 Ikuaios | 2024-11-21 | N/A | 9.8 CRITICAL |
| An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1. | |||||
| CVE-2023-34233 | 1 Snowflake | 1 Snowflake Connector | 2024-11-21 | N/A | 8.8 HIGH |
| The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue. | |||||
| CVE-2023-34232 | 1 Snowflake | 1 Snowflake Connector | 2024-11-21 | N/A | 7.3 HIGH |
| snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 1.6.21 contains a patch for this issue. | |||||
| CVE-2023-34231 | 1 Snowflake | 1 Gosnowflake | 2024-11-21 | N/A | 8.8 HIGH |
| gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. A patch is available in version 1.6.19. | |||||
| CVE-2023-34230 | 1 Snowflake | 1 Snowflake Connector | 2024-11-21 | N/A | 7.3 HIGH |
| snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue. | |||||
| CVE-2023-34215 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. | |||||
| CVE-2023-34214 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2024-11-21 | N/A | 7.2 HIGH |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. | |||||