Total
2085 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1097 | 1 Baicells | 2 Eg7035-m11, Eg7035-m11 Firmware | 2024-08-02 | 9.3 Critical |
| Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery. | ||||
| CVE-2023-1141 | 1 Deltaww | 1 Infrasuite Device Master | 2024-08-02 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | ||||
| CVE-2023-0978 | 2 Mcafee, Trellix | 2 Advanced Threat Defense, Intelligent Sandbox | 2024-08-02 | 6.4 Medium |
| A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack | ||||
| CVE-2023-1000 | 2024-08-02 | 6.3 Medium | ||
| A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0861 | 1 Netmodule | 10 Nb1601, Nb1800, Nb1810 and 7 more | 2024-08-02 | 7.2 High |
| NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | ||||
| CVE-2023-0776 | 1 Baicells | 8 Neutrino 430, Neutrino 430 Firmware, Nova430e and 5 more | 2024-08-02 | 8.1 High |
| Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce. | ||||
| CVE-2023-0849 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2024-08-02 | 4.7 Medium |
| A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152. | ||||
| CVE-2023-0789 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 8.1 High |
| Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2023-0649 | 1 Dst-admin Project | 1 Dst-admin | 2024-08-02 | 6.3 Medium |
| A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. | ||||
| CVE-2023-0646 | 1 Dst-admin Project | 1 Dst-admin | 2024-08-02 | 6.3 Medium |
| A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability. | ||||
| CVE-2023-0638 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2024-08-02 | 7.2 High |
| A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0640 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2024-08-02 | 7.2 High |
| A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | ||||
| CVE-2023-0647 | 1 Dst-admin Project | 1 Dst-admin | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0628 | 1 Docker | 1 Docker Desktop | 2024-08-02 | 6.1 Medium |
| Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | ||||
| CVE-2023-0648 | 1 Dst-admin Project | 1 Dst-admin | 2024-08-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035. | ||||
| CVE-2023-0611 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2024-08-02 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935. | ||||
| CVE-2023-0351 | 1 Akuvox | 2 E11, E11 Firmware | 2024-08-02 | 8.8 High |
| The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions. | ||||
| CVE-2023-0315 | 1 Froxlor | 1 Froxlor | 2024-08-02 | 8.8 High |
| Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. | ||||
| CVE-2023-0127 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2024-08-02 | 7.8 High |
| A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. | ||||
| CVE-2023-0093 | 1 Okta | 1 Advanced Server Access | 2024-08-02 | 8.8 High |
| Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment. | ||||