Total
3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23108 | 1 Fortinet | 1 Fortisiem | 2024-02-28 | N/A | 9.8 CRITICAL |
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. | |||||
CVE-2023-6926 | 1 Crestron | 2 Am-300, Am-300 Firmware | 2024-02-28 | N/A | 7.8 HIGH |
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access. | |||||
CVE-2023-48808 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
CVE-2024-22132 | 2024-02-28 | N/A | 7.4 HIGH | ||
SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. | |||||
CVE-2023-38317 | 1 Opennds | 1 Opennds | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | |||||
CVE-2023-3368 | 1 Chamilo | 1 Chamilo | 2024-02-28 | N/A | 9.8 CRITICAL |
Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960. | |||||
CVE-2023-48811 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | |||||
CVE-2023-49695 | 1 Elecom | 6 Wrc-x3000gs, Wrc-x3000gs Firmware, Wrc-x3000gsa and 3 more | 2024-02-28 | N/A | 6.8 MEDIUM |
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | |||||
CVE-2023-41289 | 1 Qnap | 1 Qcalagent | 2024-02-28 | N/A | 8.8 HIGH |
An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later | |||||
CVE-2024-22225 | 1 Dell | 1 Unity Operating Environment | 2024-02-28 | N/A | 7.8 HIGH |
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | |||||
CVE-2023-45025 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-02-28 | N/A | 9.8 CRITICAL |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | |||||
CVE-2023-3741 | 1 Nec | 44 Itk-12d-1\(bk\)tel, Itk-12d-1\(bk\)tel Firmware, Itk-12d-1p\(bk\)tel and 41 more | 2024-02-28 | N/A | 9.8 CRITICAL |
An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device. | |||||
CVE-2024-0168 | 1 Dell | 1 Unity Operating Environment | 2024-02-28 | N/A | 7.8 HIGH |
Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges. | |||||
CVE-2023-51698 | 1 Mate-desktop | 1 Atril | 2024-02-28 | N/A | 8.8 HIGH |
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. | |||||
CVE-2023-37928 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
CVE-2024-23812 | 2024-02-28 | N/A | 8.0 HIGH | ||
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | |||||
CVE-2024-0170 | 1 Dell | 1 Unity Operating Environment | 2024-02-28 | N/A | 7.8 HIGH |
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | |||||
CVE-2023-51033 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | |||||
CVE-2023-48800 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | |||||
CVE-2024-24329 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. |