Total
4643 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43069 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 7.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. | |||||
| CVE-2023-43068 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 7.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands. | |||||
| CVE-2023-43066 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | N/A | 5.1 MEDIUM |
| Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. | |||||
| CVE-2023-42788 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A | 7.8 HIGH |
| An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command | |||||
| CVE-2023-42664 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-42495 | 1 Dasannetworks | 1 W-web | 2024-11-21 | N/A | 9.8 CRITICAL |
| Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | |||||
| CVE-2023-41838 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A | 7.1 HIGH |
| An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. | |||||
| CVE-2023-41352 | 1 Nokia | 2 G-040w-q, G-040w-q Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | |||||
| CVE-2023-41348 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | |||||
| CVE-2023-41347 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | |||||
| CVE-2023-41346 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | |||||
| CVE-2023-41345 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. | |||||
| CVE-2023-41289 | 1 Qnap | 1 Qcalagent | 2024-11-21 | N/A | 6.3 MEDIUM |
| An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later | |||||
| CVE-2023-41288 | 1 Qnap | 1 Video Station | 2024-11-21 | N/A | 8.8 HIGH |
| An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later | |||||
| CVE-2023-41283 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-41282 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-41281 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 5.5 MEDIUM |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-41149 | 1 F-revocrm | 1 F-revocrm | 2024-11-21 | N/A | 9.8 CRITICAL |
| F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running. | |||||
| CVE-2023-41109 | 1 Patton | 2 Smartnode Sn200, Smartnode Sn200 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. | |||||
| CVE-2023-40839 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands. | |||||