Total
2839 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0118 | 2 Redhat, Theforeman | 3 Enterprise Linux, Satellite, Foreman | 2023-09-22 | N/A | 9.1 CRITICAL |
| An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. | |||||
| CVE-2022-47555 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2023-09-22 | N/A | 8.8 HIGH |
| ** UNSUPPPORTED WHEN ASSIGNED ** Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor. | |||||
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-09-21 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | |||||
| CVE-2023-35850 | 1 Sun.net | 1 Wmpro | 2023-09-20 | N/A | 7.2 HIGH |
| SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. | |||||
| CVE-2023-28614 | 1 Freewillsolutions | 1 Smart Trade | 2023-09-20 | N/A | 9.8 CRITICAL |
| Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. | |||||
| CVE-2020-11978 | 1 Apache | 1 Airflow | 2023-09-19 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. | |||||
| CVE-2023-36642 | 1 Fortinet | 1 Fortitester | 2023-09-15 | N/A | 7.8 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2022-35849 | 1 Fortinet | 1 Fortiadc | 2023-09-15 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2023-4873 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2023-09-13 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-239358 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-39237 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-09-12 | N/A | 8.8 HIGH |
| ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
| CVE-2023-38032 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-09-12 | N/A | 8.8 HIGH |
| ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
| CVE-2023-38033 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-09-12 | N/A | 8.8 HIGH |
| ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
| CVE-2023-39236 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-09-12 | N/A | 8.8 HIGH |
| ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
| CVE-2023-38031 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-09-12 | N/A | 8.8 HIGH |
| ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
| CVE-2021-36023 | 1 Magento | 1 Magento | 2023-09-11 | N/A | 7.2 HIGH |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. | |||||
| CVE-2023-40357 | 1 Tp-link | 8 Archer A10, Archer A10 Firmware, Archer Ax10 and 5 more | 2023-09-11 | N/A | 8.0 HIGH |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. | |||||
| CVE-2023-40531 | 1 Tp-link | 2 Archer Ax6000, Archer Ax6000 Firmware | 2023-09-11 | N/A | 8.0 HIGH |
| Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-39935 | 1 Tp-link | 2 Archer C5400, Archer C5400 Firmware | 2023-09-11 | N/A | 8.0 HIGH |
| Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-40193 | 1 Tp-link | 2 Deco M4, Deco M4 Firmware | 2023-09-11 | N/A | 8.0 HIGH |
| Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-39224 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2023-09-11 | N/A | 8.0 HIGH |
| Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. | |||||