Total
1813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20097 | 1 Cisco | 61 Aironet 1540, Aironet 1542d, Aironet 1542i and 58 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP. | |||||
| CVE-2023-20017 | 1 Cisco | 1 Intersight Private Virtual Appliance | 2024-11-21 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. | |||||
| CVE-2023-20013 | 1 Cisco | 1 Intersight Private Virtual Appliance | 2024-11-21 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. | |||||
| CVE-2023-1877 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A | 9.8 CRITICAL |
| Command Injection in GitHub repository microweber/microweber prior to 1.3.3. | |||||
| CVE-2023-1708 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.7 MEDIUM |
| An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. | |||||
| CVE-2023-1685 | 1 Hadsky | 1 Hadsky | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224242 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1671 | 1 Sophos | 1 Web Appliance | 2024-11-21 | N/A | 9.8 CRITICAL |
| A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | |||||
| CVE-2023-1458 | 1 Ui | 2 Edgerouter X, Edgerouter X Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-223303. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities. | |||||
| CVE-2023-1457 | 1 Ui | 2 Edgerouter X, Edgerouter X Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities. | |||||
| CVE-2023-1456 | 1 Ui | 2 Edgerouter X, Edgerouter X Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities. | |||||
| CVE-2023-1389 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | |||||
| CVE-2023-1162 | 1 Draytek | 2 Vigor 2960, Vigor 2960 Firmware | 2024-11-21 | 8.3 HIGH | 7.2 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-1141 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | |||||
| CVE-2023-1097 | 1 Baicells | 2 Eg7035-m11, Eg7035-m11 Firmware | 2024-11-21 | N/A | 9.3 CRITICAL |
| Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery. | |||||
| CVE-2023-1000 | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0978 | 2 Mcafee, Trellix | 2 Advanced Threat Defense, Intelligent Sandbox | 2024-11-21 | N/A | 6.4 MEDIUM |
| A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack | |||||
| CVE-2023-0849 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152. | |||||
| CVE-2023-0789 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 8.1 HIGH |
| Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2023-0776 | 1 Baicells | 8 Neutrino 430, Neutrino 430 Firmware, Nova430e and 5 more | 2024-11-21 | N/A | 8.1 HIGH |
| Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce. | |||||
| CVE-2023-0649 | 1 Dst-admin Project | 1 Dst-admin | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. | |||||