Total: 2086 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2023-31476 | 1 Gl-inet | 4 Gl-mv1000, Gl-mv1000 Firmware, Gl-mv1000w and 1 more | 2024-08-02 | 7.5 High | An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path are no more than 6 characters (the working directory is /www).
CVE-2023-31529 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2024-08-02 | 8.8 High | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter.
CVE-2023-31530 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2024-08-02 | 8.8 High | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter.
CVE-2023-31528 | 1 Motorola | 2 Cx2l, Cx2l Firmware | 2024-08-02 | 8.8 High | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter.
CVE-2023-31208 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-08-02 | 8.3 High | Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.
CVE-2023-30638 | 1 Atos | 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller | 2024-08-02 | 7.2 High | Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands.
CVE-2023-30623 | 1 Wip Project | 1 Wip | 2024-08-02 | 8.8 High | `embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement, resulting in a command injection vulnerability due to string interpolation. This vulnerability can be triggered by any user on GitHub. They just need to create a pull request with a commit message containing an exploit. (Note that first-time PR requests will not be run, but the attacker can submit a valid PR before submitting an invalid PR.) The commit can be genuine, but the commit message can be malicious. This can be used to execute code on the GitHub runners and can be used to exfiltrate any secrets used in the CI pipeline, including repository tokens. Version 2 has a fix for this issue.
CVE-2023-30535 | 1 Snowflake | 1 Snowflake Jdbc | 2024-08-02 | 7.3 High | Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java programs to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to remote code execution. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. All users should immediately upgrade the Snowflake JDBC driver to the latest version: 3.13.29.
CVE-2023-30353 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2024-08-02 | 9.8 Critical | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document.
CVE-2023-30400 | 1 Anyka | 2 Ak3918ev300, Ak3918ev300 Firmware | 2024-08-02 | 9.8 Critical | An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted Wi-Fi SSID or password.
CVE-2023-30135 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-08-02 | 9.8 Critical | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.
CVE-2023-30260 | 1 Raspap | 1 Raspap | 2024-08-02 | 8.8 High | Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via a crafted POST request to the hostapd settings form.
CVE-2023-29855 | 1 Wbce | 1 Wbce Cms | 2024-08-02 | 7.2 High | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.
CVE-2023-29800 | 1 Totolink | 2 X18, X18 Firmware | 2024-08-02 | 9.8 Critical | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
CVE-2023-29802 | 1 Totolink | 2 X18, X18 Firmware | 2024-08-02 | 9.8 Critical | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
CVE-2023-29803 | 1 Totolink | 2 X18, X18 Firmware | 2024-08-02 | 9.8 Critical | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.
CVE-2023-29798 | 1 Totolink | 2 X18, X18 Firmware | 2024-08-02 | 9.8 Critical | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
CVE-2023-29799 | 1 Totolink | 2 X18, X18 Firmware | 2024-08-02 | 9.8 Critical | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
CVE-2023-29801 | 1 Totolink | 2 X18, X18 Firmware | 2024-08-02 | 9.8 Critical | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.
CVE-2023-29566 | 2 Dawnsparks-node-tesseract Project, Huedawn-tesseract Project | 2 Dawnsparks-node-tesseract, Huedawn-tesseract | 2024-08-02 | 9.8 Critical | huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 were discovered to contain a remote code execution (RCE) vulnerability via the child_process function.