Total
3060 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49428 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
|
|||||
| CVE-2023-49226 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
|
|||||
| CVE-2023-49213 | 1 Ironmansoftware | 1 Powershell Universal | 2024-11-21 | N/A | 8.8 HIGH |
|
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.
|
|||||
| CVE-2023-49210 | 1 Node-openssl Project | 1 Node-openssl | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2023-49040 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.
|
|||||
| CVE-2023-48801 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.
|
|||||
| CVE-2023-48791 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | N/A | 8.8 HIGH |
|
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
|
|||||
| CVE-2023-48702 | 1 Jellyfin | 1 Jellyfin | 2024-11-21 | N/A | 7.2 HIGH |
|
Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can setup a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13.
|
|||||
| CVE-2023-47576 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface.
|
|||||
| CVE-2023-47562 | 1 Qnap | 1 Photo Station | 2024-11-21 | N/A | 7.4 HIGH |
|
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.2 ( 2023/12/15 ) and later
|
|||||
| CVE-2023-47560 | 1 Qnap | 1 Qumagie | 2024-11-21 | N/A | 7.4 HIGH |
|
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
|
|||||
| CVE-2023-47104 | 2 Linux, Vareille | 2 Linux Kernel, Tiny File Dialogs | 2024-11-21 | N/A | 9.8 CRITICAL |
|
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.
|
|||||
| CVE-2023-46993 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
|
|||||
| CVE-2023-46979 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.
|
|||||
| CVE-2023-46976 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
|
|||||
| CVE-2023-46687 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
|
|||||
| CVE-2023-46574 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
|
|||||
| CVE-2023-46485 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
|
|||||
| CVE-2023-46484 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.
|
|||||
| CVE-2023-46424 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.
|
|||||
| CVE-2023-46423 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.
|
|||||
| CVE-2023-46422 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.
|
|||||
| CVE-2023-46421 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.
|
|||||
| CVE-2023-46420 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function.
|
|||||
| CVE-2023-46419 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.
|
|||||
| CVE-2023-46418 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function.
|
|||||
| CVE-2023-46417 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.
|
|||||
| CVE-2023-46416 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function.
|
|||||
| CVE-2023-46415 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function.
|
|||||
| CVE-2023-46414 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function.
|
|||||
| CVE-2023-46413 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.
|
|||||
| CVE-2023-46412 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.
|
|||||
| CVE-2023-46411 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.
|
|||||
| CVE-2023-46410 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.
|
|||||
| CVE-2023-46409 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.
|
|||||
| CVE-2023-46408 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
|
|||||
| CVE-2023-46370 | 1 Tenda | 2 W18e, W18e Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.
|
|||||
| CVE-2023-45852 | 1 Viessmann | 2 Vitogate 300, Vitogate 300 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
|
|||||
| CVE-2023-45625 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-11-21 | N/A | 7.2 HIGH |
|
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2023-45466 | 1 Netis-systems | 2 N3m, N3mv2 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.
|
|||||