Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39416 | 1 Northgrid | 1 Proself | 2023-08-23 | N/A | 7.2 HIGH |
| Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands. | |||||
| CVE-2023-39944 | 1 Elecom | 4 Wrc-1750ghbk, Wrc-1750ghbk Firmware, Wrc-f1167acf and 1 more | 2023-08-23 | N/A | 8.8 HIGH |
| OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. | |||||
| CVE-2023-35893 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2023-08-22 | N/A | 8.8 HIGH |
| IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824. | |||||
| CVE-2023-3267 | 1 Cyberpower | 1 Powerpanel Server | 2023-08-22 | N/A | 8.8 HIGH |
| When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server. | |||||
| CVE-2023-33013 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2023-08-22 | N/A | 8.8 HIGH |
| A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | |||||
| CVE-2020-3457 | 1 Cisco | 29 Adaptive Security Appliance Software, Firepower 1000, Firepower 1010 and 26 more | 2023-08-16 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | |||||
| CVE-2023-3572 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-15 | N/A | 9.9 CRITICAL |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device. | |||||
| CVE-2023-37861 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-15 | N/A | 8.8 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device. | |||||
| CVE-2023-37863 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2023-08-15 | N/A | 7.2 HIGH |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. | |||||
| CVE-2020-3167 | 1 Cisco | 27 Adaptive Security Appliance Software, Firepower 1010, Firepower 1120 and 24 more | 2023-08-15 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. | |||||
| CVE-2023-38208 | 1 Adobe | 1 Commerce | 2023-08-15 | N/A | 7.2 HIGH |
| Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-48582 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
| CVE-2022-48580 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
| CVE-2022-48581 | 1 Sciencelogic | 1 Sl1 | 2023-08-11 | N/A | 8.8 HIGH |
| A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. | |||||
| CVE-2023-38692 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2023-08-09 | N/A | 9.8 CRITICAL |
| CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading. | |||||
| CVE-2023-33374 | 1 Connectedio | 1 Connected Io | 2023-08-08 | N/A | 9.8 CRITICAL |
| Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution. | |||||
| CVE-2023-33377 | 1 Connectedio | 1 Connected Io | 2023-08-08 | N/A | 9.8 CRITICAL |
| Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | |||||
| CVE-2023-33364 | 1 Supremainc | 1 Biostar 2 | 2023-08-08 | N/A | 8.8 HIGH |
| An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. | |||||
| CVE-2022-23672 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-08-08 | 9.0 HIGH | 7.2 HIGH |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-42890 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | |||||