Total
1813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33235 | 1 Moxa | 1 Mxsecurity | 2024-11-21 | N/A | 7.2 HIGH |
| MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | |||||
| CVE-2023-33136 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A | 8.8 HIGH |
| Azure DevOps Server Remote Code Execution Vulnerability | |||||
| CVE-2023-32782 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | N/A | 7.2 HIGH |
| A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | |||||
| CVE-2023-32781 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | N/A | 7.2 HIGH |
| A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | |||||
| CVE-2023-32632 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-32073 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
| WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3. | |||||
| CVE-2023-32007 | 1 Apache | 1 Spark | 2024-11-21 | N/A | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This issue was disclosed earlier as CVE-2022-33891, but incorrectly claimed version 3.1.3 (which has since gone EOL) would not be affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to upgrade to a supported version of Apache Spark, such as version 3.4.0. | |||||
| CVE-2023-31996 | 1 Hanwhavision | 236 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 233 more | 2024-11-21 | N/A | 8.8 HIGH |
| Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. | |||||
| CVE-2023-31986 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. | |||||
| CVE-2023-31985 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. | |||||
| CVE-2023-31983 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. | |||||
| CVE-2023-31856 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. | |||||
| CVE-2023-31746 | 1 Vw2100 Project | 2 Vw2100, Vw2100 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user. | |||||
| CVE-2023-31742 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | |||||
| CVE-2023-31741 | 1 Linksys | 2 E2000, E2000 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. | |||||
| CVE-2023-31740 | 1 Linksys | 2 E2000, E2000 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. | |||||
| CVE-2023-31729 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. | |||||
| CVE-2023-31701 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. | |||||
| CVE-2023-31700 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. | |||||
| CVE-2023-31569 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. | |||||