Total
4064 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40253 | 1 Genians | 2 Genian Nac, Genian Ztna | 2024-11-21 | 6 Medium |
| Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | ||||
| CVE-2023-40193 | 1 Tp-link | 2 Deco M4, Deco M4 Firmware | 2024-11-21 | 8.0 High |
| Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2023-40145 | 1 Weintek | 14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more | 2024-11-21 | 8.8 High |
| In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device. | ||||
| CVE-2023-40144 | 1 Cbc | 46 Dr-16f42a, Dr-16f42a Firmware, Dr-16f45at and 43 more | 2024-11-21 | 8.8 High |
| OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. | ||||
| CVE-2023-40072 | 1 Elecom | 4 Wab-s300, Wab-s300 Firmware, Wab-s600-ps and 1 more | 2024-11-21 | 8.8 High |
| OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | ||||
| CVE-2023-40069 | 1 Elecom | 10 Wrc-1167ghbk2, Wrc-1167ghbk2 Firmware, Wrc-1750ghbk and 7 more | 2024-11-21 | 9.8 Critical |
| OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. | ||||
| CVE-2023-3991 | 1 Freshtomato | 1 Freshtomato | 2024-11-21 | 10 Critical |
| An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2023-3975 | 2 Diagrams, Jgraph | 2 Drawio, Drawio | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. | ||||
| CVE-2023-3974 | 2 Diagrams, Jgraph | 2 Drawio, Drawio | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. | ||||
| CVE-2023-3939 | 2024-11-21 | 10 Critical | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other. | ||||
| CVE-2023-3767 | 1 Easyphp | 1 Webserver | 2024-11-21 | 9.8 Critical |
| An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. | ||||
| CVE-2023-3741 | 1 Nec | 44 Itk-12d-1\(bk\)tel, Itk-12d-1\(bk\)tel Firmware, Itk-12d-1p\(bk\)tel and 41 more | 2024-11-21 | 9.8 Critical |
| An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device. | ||||
| CVE-2023-3608 | 1 Ruijienetworks | 2 Bcr810w, Bcr810w Firmware | 2024-11-21 | 4.7 Medium |
| A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3607 | 1 Kodcloud | 1 Kodbox | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3606 | 1 Tamronos | 1 Tamronos | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233475. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3573 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 8.8 High |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device. | ||||
| CVE-2023-3572 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 10 Critical |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device. | ||||
| CVE-2023-3571 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 8.8 High |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device. | ||||
| CVE-2023-3570 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 8.8 High |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. | ||||
| CVE-2023-3454 | 2024-11-21 | 8.6 High | ||
| Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. | ||||