Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22659 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-07-13 | N/A | 7.2 HIGH |
| An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2023-22371 | 1 Milesight | 1 Milesightvpn | 2023-07-13 | N/A | 8.1 HIGH |
| An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-22365 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-07-13 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-25583 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-07-12 | N/A | 7.2 HIGH |
| Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration. | |||||
| CVE-2023-25582 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-07-12 | N/A | 7.2 HIGH |
| Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration. | |||||
| CVE-2023-36622 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2023-07-11 | N/A | 7.2 HIGH |
| The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. | |||||
| CVE-2023-3314 | 1 Trellix | 1 Enterprise Security Manager | 2023-07-11 | N/A | 8.8 HIGH |
| A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges. | |||||
| CVE-2023-3313 | 1 Trellix | 1 Enterprise Security Manager | 2023-07-11 | N/A | 7.8 HIGH |
| An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands. | |||||
| CVE-2023-24595 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-07-11 | N/A | 7.2 HIGH |
| An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2023-22299 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-07-10 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-44720 | 1 Ucopia | 2 Wireless Appliance, Wireless Appliance Firmware | 2023-07-08 | N/A | 9.8 CRITICAL |
| An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot. | |||||
| CVE-2023-36143 | 1 Maxprintisp | 2 Maxlink 1200g, Maxlink 1200g Firmware | 2023-07-07 | N/A | 8.8 HIGH |
| Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device. | |||||
| CVE-2023-26613 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2023-07-06 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. | |||||
| CVE-2023-34420 | 1 Lenovo | 1 Xclarity Administrator | 2023-07-06 | N/A | 7.2 HIGH |
| A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. | |||||
| CVE-2023-2625 | 1 Abb | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2023-07-06 | N/A | 8.0 HIGH |
| A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. | |||||
| CVE-2023-3333 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2023-07-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. | |||||
| CVE-2023-34254 | 1 Glpi-project | 1 Glpi Agent | 2023-07-05 | N/A | 7.2 HIGH |
| The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5. | |||||
| CVE-2023-30261 | 1 Openwb | 1 Openwb | 2023-07-03 | N/A | 9.8 CRITICAL |
| Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request. | |||||
| CVE-2023-35174 | 2 Livebook, Microsoft | 2 Livebook, Windows | 2023-06-29 | N/A | 9.8 CRITICAL |
| Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3. | |||||
| CVE-2022-32765 | 1 Robustel | 2 R1510, R1510 Firmware | 2023-06-29 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||