Total
5079 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39295 | 1 Qnap | 1 Qumagie | 2024-11-21 | 8.8 High |
| An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later | ||||
| CVE-2023-39294 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 6.6 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later | ||||
| CVE-2023-39237 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | ||||
| CVE-2023-39236 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | ||||
| CVE-2023-39224 | 1 Tp-link | 3 Archer C5, Archer C7, Archer C7 Firmware | 2024-11-21 | 8.0 High |
| Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. | ||||
| CVE-2023-39222 | 1 Furunosystems | 28 Acera 1010, Acera 1010 Firmware, Acera 1020 and 25 more | 2024-11-21 | 8.8 High |
| OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | ||||
| CVE-2023-38886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.2 High |
| An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. | ||||
| CVE-2023-38692 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2024-11-21 | 9.8 Critical |
| CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading. | ||||
| CVE-2023-38673 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | 9.6 Critical |
| PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system. | ||||
| CVE-2023-38588 | 1 Tp-link | 2 Archer C3150, Archer C3150 Firmware | 2024-11-21 | 8 High |
| Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2023-38568 | 1 Tp-link | 2 Archer A10, Archer A10 Firmware | 2024-11-21 | 8.8 High |
| Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2023-38563 | 1 Tp-link | 5 Archer C1200, Archer C1200 Firmware, Archer C9 and 2 more | 2024-11-21 | 8.8 High |
| Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2023-38378 | 1 Rigol | 2 Mso5000, Mso5000 Firmware | 2024-11-21 | 9.8 Critical |
| The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application. | ||||
| CVE-2023-38056 | 1 Otrs | 1 Otrs | 2024-11-21 | 7.2 High |
| Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
| CVE-2023-38033 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | ||||
| CVE-2023-38032 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | ||||
| CVE-2023-38031 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | 8.8 High |
| ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | ||||
| CVE-2023-38027 | 2 Myspotcam, Spotcam Co Ltd | 3 Sense, Sense Firmware, Spotcam Sense | 2024-11-21 | 9.8 Critical |
| SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service. | ||||
| CVE-2023-38025 | 2 Myspotcam, Spotcam Co Ltd | 3 Fhd 2, Fhd 2 Firmware, Spotcam Fhd2 | 2024-11-21 | 9.8 Critical |
| SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service. | ||||
| CVE-2023-37863 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 7.2 High |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. | ||||