Total
1851 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-45498 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-11-21 | N/A | 9.8 CRITICAL |
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | |||||
CVE-2023-45466 | 1 Netis-systems | 2 N3m, N3mv2 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | |||||
CVE-2023-45465 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | |||||
CVE-2023-45356 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-11-21 | N/A | 8.8 HIGH |
Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719. | |||||
CVE-2023-45355 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-11-21 | N/A | 8.8 HIGH |
Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. | |||||
CVE-2023-45351 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2024-11-21 | N/A | 8.8 HIGH |
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | |||||
CVE-2023-45208 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. | |||||
CVE-2023-45025 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 9.0 CRITICAL |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | |||||
CVE-2023-44959 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | |||||
CVE-2023-44827 | 1 Easycorp | 3 Zentao, Zentao Biz, Zentao Max | 2024-11-21 | N/A | 8.8 HIGH |
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | |||||
CVE-2023-43891 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | |||||
CVE-2023-43510 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | N/A | 4.7 MEDIUM |
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | |||||
CVE-2023-43477 | 1 Telstra | 2 Arcadyan Lh1000, Arcadyan Lh1000 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. | |||||
CVE-2023-43455 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | |||||
CVE-2023-43454 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | |||||
CVE-2023-43453 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | |||||
CVE-2023-43322 | 1 Zpesystems | 1 Nodegrid Os | 2024-11-21 | N/A | 8.8 HIGH |
ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | |||||
CVE-2023-43207 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. | |||||
CVE-2023-43206 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. | |||||
CVE-2023-43204 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. |