Total
3851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48808 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
| CVE-2023-48807 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
| CVE-2023-48806 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
| CVE-2023-48805 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
| CVE-2023-48804 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
| CVE-2023-48803 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
| CVE-2023-48802 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
| CVE-2023-48800 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | |||||
| CVE-2023-48782 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters | |||||
| CVE-2023-48668 | 1 Dell | 1 Powerprotect Data Domain Management Center | 2024-11-21 | N/A | 8.2 HIGH |
| Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. | |||||
| CVE-2023-48667 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | N/A | 7.2 HIGH |
| Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2023-48665 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-11-21 | N/A | 7.2 HIGH |
| Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. | |||||
| CVE-2023-48664 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-11-21 | N/A | 7.2 HIGH |
| Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. | |||||
| CVE-2023-48663 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-11-21 | N/A | 7.2 HIGH |
| Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. | |||||
| CVE-2023-48662 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-11-21 | N/A | 7.2 HIGH |
| Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. | |||||
| CVE-2023-48428 | 1 Siemens | 1 Sinec Ins | 2024-11-21 | N/A | 7.2 HIGH |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level. | |||||
| CVE-2023-48380 | 1 Softnext | 1 Mail Sqr Expert | 2024-11-21 | N/A | 7.4 HIGH |
| Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | |||||
| CVE-2023-47802 | 2024-11-21 | N/A | 7.2 HIGH | ||
| A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. | |||||
| CVE-2023-47709 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524. | |||||
| CVE-2023-47675 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A | 7.2 HIGH |
| CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | |||||