Total: 3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-48668 | 1 Dell | 1 Powerprotect Data Domain Management Center | 2024-02-28 | N/A | 6.7 MEDIUM |
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker on a managed system of DDMC. | |||||
CVE-2023-47254 | 1 Draytek | 2 Vigor167, Vigor167 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2 allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. | |||||
CVE-2023-47567 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-02-28 | N/A | 7.2 HIGH |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | |||||
CVE-2022-39818 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-02-28 | N/A | 8.8 HIGH |
In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system. | |||||
CVE-2023-48804 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_ Set_ The Str function; passing them to the CsteSystem function creates a command execution vulnerability. | |||||
CVE-2023-45741 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-02-28 | N/A | 6.8 MEDIUM |
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. | |||||
CVE-2023-52311 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-02-28 | N/A | 9.8 CRITICAL |
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | |||||
CVE-2023-39294 | 1 Qnap | 2 Qts, Quts Hero | 2024-02-28 | N/A | 7.2 HIGH |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later. | |||||
CVE-2023-42495 | 1 Dasannetworks | 1 W-web | 2024-02-28 | N/A | 9.8 CRITICAL |
Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | |||||
CVE-2023-51094 | 1 Tenda | 2 M3, M3 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | |||||
CVE-2023-5372 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-02-28 | N/A | 7.2 HIGH |
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface. | |||||
CVE-2023-48380 | 1 Softnext | 1 Mail Sqr Expert | 2024-02-28 | N/A | 8.0 HIGH |
Softnext Mail SQR Expert is an email management platform. It has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system commands, manipulate the system or disrupt service. | |||||
CVE-2023-48812 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_ Set_ The Str function; passing them to the CsteSystem function creates a command execution vulnerability. | |||||
CVE-2023-43482 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-47565 | 1 Qnap | 1 Qvr Firmware | 2024-02-28 | N/A | 8.8 HIGH |
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later | |||||
CVE-2023-48664 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-02-28 | N/A | 7.2 HIGH |
Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system. | |||||
CVE-2023-6201 | 1 Univera | 1 Panorama | 2024-02-28 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0. | |||||
CVE-2023-51100 | 1 Tenda | 2 W9, W9 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo. | |||||
CVE-2024-0164 | 1 Dell | 1 Unity Operating Environment | 2024-02-28 | N/A | 7.8 HIGH |
Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges. | |||||
CVE-2023-51217 | 1 Tenhot | 2 Tws-200, Tws-200 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
An issue discovered in TenghuTOS TWS-200 firmware version V4.0-201809201424 allows a remote attacker to execute arbitrary code via a crafted command on the ping page component. |