Total: 3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-48782 | 1 Fortinet | 1 Fortiwlm | 2024-02-28 | N/A | 8.8 HIGH |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | |||||
CVE-2024-22224 | 1 Dell | 1 Unity Operating Environment | 2024-02-28 | N/A | 7.8 HIGH |
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges. | |||||
CVE-2023-50147 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOLINK A3700R router device in its firmware version V9.1.2u.5822_B20200513. | |||||
CVE-2023-41288 | 1 Qnap | 1 Video Station | 2024-02-28 | N/A | 8.8 HIGH |
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later. | |||||
CVE-2023-4473 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device. | |||||
CVE-2023-48807 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
CVE-2023-38319 | 1 Opennds | 1 Opennds | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | |||||
CVE-2024-24330 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. | |||||
CVE-2023-48810 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | |||||
CVE-2024-24327 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. | |||||
CVE-2023-51984 | 1 Dlink | 2 Dir-822, Dir-822 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function, which allows remote attackers to execute arbitrary commands via shell. | |||||
CVE-2024-0166 | 1 Dell | 1 Unity Operating Environment | 2024-02-28 | N/A | 7.8 HIGH |
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | |||||
CVE-2023-51099 | 1 Tenda | 2 W9, W9 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand. | |||||
CVE-2023-4221 | 1 Chamilo | 1 Chamilo Lms | 2024-02-28 | N/A | 8.8 HIGH |
Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. | |||||
CVE-2023-51035 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. | |||||
CVE-2024-22223 | 1 Dell | 1 Unity Operating Environment | 2024-02-28 | N/A | 7.8 HIGH |
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
CVE-2023-47675 | 1 Cubecart | 1 Cubecart | 2024-02-28 | N/A | 7.2 HIGH |
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | |||||
CVE-2023-47218 | | | 2024-02-28 | N/A | 5.8 MEDIUM |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. | |||||
CVE-2023-51028 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | |||||
CVE-2023-44279 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-02-28 | N/A | 6.7 MEDIUM |
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the administrator CLI. A local high privileged attacker could potentially exploit this vulnerability to bypass security restrictions. Exploitation may lead to a system takeover by an attacker. |