Total
2086 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-47576 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-08-02 | 8.8 High |
An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface. | ||||
CVE-2023-47562 | 1 Qnap | 1 Photo Station | 2024-08-02 | 7.4 High |
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 (2023/12/15) and later. | ||||
CVE-2023-47218 | | | 2024-08-02 | 5.8 Medium |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. | ||||
CVE-2023-46687 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2024-08-02 | 9.8 Critical |
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | ||||
CVE-2023-45625 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-02 | 7.2 High |
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
CVE-2023-45498 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-08-02 | 9.8 Critical |
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | ||||
CVE-2023-45025 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-08-02 | 9 Critical |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. | ||||
CVE-2023-43455 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-08-02 | 9.8 Critical |
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | ||||
CVE-2023-43453 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-08-02 | 9.8 Critical |
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | ||||
CVE-2023-43454 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-08-02 | 9.8 Critical |
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | ||||
CVE-2023-42326 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2024-08-02 | 8.8 High |
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | ||||
CVE-2023-42117 | 1 Exim | 1 Exim | 2024-08-02 | 8.1 High |
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554. | ||||
CVE-2023-41724 | 1 Ivanti | 2 Sentry, Standalone Sentry | 2024-08-02 | 8.8 High |
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. | ||||
CVE-2023-41334 | | | 2024-08-02 | 8.4 High |
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TransformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue. | ||||
CVE-2023-41281 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-08-02 | 5.5 Medium |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later. | ||||
CVE-2023-41282 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-08-02 | 5.5 Medium |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later. | ||||
CVE-2023-40301 | 1 Netscout | 1 Ngeniuspulse | 2024-08-02 | 9.8 Critical |
NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. | ||||
CVE-2023-40263 | 1 Unify | 1 Openscape Voice Trace Manager V8 | 2024-08-02 | 8.8 High |
An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp. | ||||
CVE-2023-39509 | 1 Bosch | 4 Cpp13, Cpp13 Firmware, Cpp14 and 1 more | 2024-08-02 | 7.2 High |
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. | ||||
CVE-2023-37679 | 1 Nextgen | 1 Mirth Connect | 2024-08-02 | 9.8 Critical |
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. |