Total
3665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42433 | 1 Tp-link | 2 Tl-wr841 Firmware, Tl-wr841n | 2024-02-28 | N/A | 8.0 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356. | |||||
| CVE-2022-48472 | 1 Huawei | 3 Bisheng-wnm, Bisheng-wnm Firmware, Ota-bisheng Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211. | |||||
| CVE-2023-28394 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2024-02-28 | N/A | 8.8 HIGH |
| Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well. | |||||
| CVE-2023-20022 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | N/A | 6.7 MEDIUM |
| Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | |||||
| CVE-2023-30258 | 1 Magnussolution | 1 Magnusbilling | 2024-02-28 | N/A | 9.8 CRITICAL |
| Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | |||||
| CVE-2023-2625 | 1 Abb | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2024-02-28 | N/A | 8.0 HIGH |
| A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. | |||||
| CVE-2022-28491 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2023-20153 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | N/A | 6.7 MEDIUM |
| Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | |||||
| CVE-2023-28392 | 1 Inaba | 8 Ac-wapu-300, Ac-wapu-300-p, Ac-wapu-300-p Firmware and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
| Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow an authenticated user with an administrative privilege to execute an arbitrary OS command. | |||||
| CVE-2023-27394 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts. | |||||
| CVE-2023-20164 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | N/A | 7.2 HIGH |
| Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-37337 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-28716 | 1 Myscada | 1 Mypro | 2024-02-28 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-37173 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | |||||
| CVE-2023-34334 | 1 Ami | 1 Megarac Sp-x | 2024-02-28 | N/A | 8.8 HIGH |
| AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering. | |||||
| CVE-2023-25582 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration. | |||||
| CVE-2023-27407 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2024-02-28 | N/A | 9.9 CRITICAL |
| A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | |||||
| CVE-2023-28983 | 1 Juniper | 1 Junos Os Evolved | 2024-02-28 | N/A | 8.8 HIGH |
| An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO. | |||||
| CVE-2023-25313 | 1 Wwbn | 1 Avideo | 2024-02-28 | N/A | 9.8 CRITICAL |
| OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature. | |||||
| CVE-2018-25083 | 1 Pull It Project | 1 Pull It | 2024-02-28 | N/A | 9.8 CRITICAL |
| The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. | |||||