Total
2085 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22761 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-08-02 | 7.2 High |
| Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | ||||
| CVE-2023-22763 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2024-08-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22770 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2024-08-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22790 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-02 | 7.2 High |
| Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22789 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-02 | 7.2 High |
| Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22758 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-08-02 | 7.2 High |
| Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | ||||
| CVE-2023-22759 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-08-02 | 7.2 High |
| Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | ||||
| CVE-2023-22750 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-08-02 | 9.8 Critical |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22788 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2024-08-02 | 7.2 High |
| Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22760 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-08-02 | 7.2 High |
| Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. | ||||
| CVE-2023-22762 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2024-08-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2023-22747 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-08-02 | 9.8 Critical |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22657 | 1 F5 | 2 F5os-a, F5os-c | 2024-08-02 | 7 High |
| On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-22671 | 1 Nsa | 1 Ghidra | 2024-08-02 | 9.8 Critical |
| Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. | ||||
| CVE-2023-22496 | 1 Netdata | 1 Netdata | 2024-08-02 | 8.1 High |
| Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This function performs different checks and then enqueues a command by calling `spawn_enq_cmd`. This command is populated with several arguments that are not sanitized. One of them is the `registry_hostname` of the node for which the alert is raised. By providing a specially crafted `registry_hostname` as part of the health data that is streamed to a Netdata (parent) agent, an attacker can execute arbitrary commands at the remote host as a side-effect of the raised alert. Note that the commands are executed as the user running the Netdata Agent. This user is usually named `netdata`. The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, streaming is not enabled by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability. | ||||
| CVE-2023-22371 | 1 Milesight | 1 Milesightvpn | 2024-08-02 | 8.1 High |
| An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-21778 | 1 Microsoft | 1 Dynamics 365 | 2024-08-02 | 8 High |
| Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | ||||
| CVE-2023-21805 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-08-02 | 7.8 High |
| Windows MSHTML Platform Remote Code Execution Vulnerability | ||||
| CVE-2023-20887 | 1 Vmware | 1 Aria Operations For Networks | 2024-08-02 | 9.8 Critical |
| Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. | ||||
| CVE-2023-20889 | 1 Vmware | 1 Vrealize Network Insight | 2024-08-02 | 7.5 High |
| Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. | ||||