Total
3851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34116 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 8.2 HIGH |
| Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | |||||
| CVE-2023-33965 | 1 Txthinking | 1 Brook | 2024-11-21 | N/A | 9.6 CRITICAL |
| Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606. | |||||
| CVE-2023-33869 | 1 Enphase | 2 Envoy, Envoy Firmware | 2024-11-21 | N/A | 6.3 MEDIUM |
| Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. | |||||
| CVE-2023-33839 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | N/A | 7.2 HIGH |
| IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | |||||
| CVE-2023-33617 | 1 Eparks | 2 Fiberlink 210, Fiberlink 210 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. | |||||
| CVE-2023-33381 | 1 Mitrastar | 2 Gpt-2741gnac, Gpt-2741gnac Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function. | |||||
| CVE-2023-33377 | 1 Connectedio | 1 Connected Io | 2024-11-21 | N/A | 9.8 CRITICAL |
| Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | |||||
| CVE-2023-33374 | 1 Connectedio | 1 Connected Io | 2024-11-21 | N/A | 9.8 CRITICAL |
| Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution. | |||||
| CVE-2023-33364 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | N/A | 8.8 HIGH |
| An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. | |||||
| CVE-2023-33273 | 1 Dts | 1 Monitoring | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33272 | 1 Dts | 1 Monitoring | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33271 | 1 Dts | 1 Monitoring | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33270 | 1 Dts | 1 Monitoring | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33269 | 1 Dts | 1 Monitoring | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33268 | 1 Dts | 1 Monitoring | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33239 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. | |||||
| CVE-2023-33238 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2024-11-21 | N/A | 7.2 HIGH |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. | |||||
| CVE-2023-33013 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | |||||
| CVE-2023-33012 | 1 Zyxel | 44 Usg 20w-vpn, Usg 20w-vpn Firmware, Usg 2200-vpn and 41 more | 2024-11-21 | N/A | 8.8 HIGH |
| A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled. | |||||
| CVE-2023-32976 | 1 Qnap | 1 Container Station | 2024-11-21 | N/A | 6.6 MEDIUM |
| An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Container Station 2.6.7.44 and later | |||||