Total
1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46416 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41A414 function. | |||||
| CVE-2023-46415 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function. | |||||
| CVE-2023-46414 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41D494 function. | |||||
| CVE-2023-46413 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function. | |||||
| CVE-2023-46412 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function. | |||||
| CVE-2023-46411 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. | |||||
| CVE-2023-46410 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function. | |||||
| CVE-2023-46409 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function. | |||||
| CVE-2023-46408 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function. | |||||
| CVE-2023-43510 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-11-01 | N/A | 6.3 MEDIUM |
| A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | |||||
| CVE-2023-38193 | 1 Superwebmailer | 1 Superwebmailer | 2023-10-28 | N/A | 8.8 HIGH |
| An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. | |||||
| CVE-2023-46574 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-10-27 | N/A | 9.8 CRITICAL |
| An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | |||||
| CVE-2022-36786 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2023-10-25 | N/A | 9.9 CRITICAL |
| DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | |||||
| CVE-2021-41116 | 2 Getcomposer, Tenable | 2 Composer, Tenable.sc | 2023-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| Composer is an open source dependency manager for the PHP language. In affected versions, Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their Composer version. Other OSs and WSL are not affected. The issue has been resolved in Composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. | |||||
| CVE-2023-21413 | 1 Axis | 1 Axis Os | 2023-10-20 | N/A | 7.2 HIGH |
| GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-45465 | 1 Netis-systems | 2 N3m, N3m Firmware | 2023-10-19 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | |||||
| CVE-2023-36954 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2023-10-19 | N/A | 9.8 CRITICAL |
| TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | |||||
| CVE-2023-36953 | 1 Totolink | 2 Cp300\+, Cp300\+ Firmware | 2023-10-19 | N/A | 9.8 CRITICAL |
| TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | |||||
| CVE-2023-45852 | 1 Viessmann | 2 Vitogate 300, Vitogate 300 Firmware | 2023-10-18 | N/A | 9.8 CRITICAL |
| In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | |||||
| CVE-2023-26320 | 1 Mi | 2 Xiaomi Router Ax3200, Xiaomi Router Ax3200 Firmware | 2023-10-16 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | |||||
