Total: 3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46117 | 1 Six2dez | 1 Reconftw | 2023-10-28 | N/A | 8.8 HIGH |
| reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on its own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-33839 | 1 Ibm | 1 Security Verify Governance | 2023-10-28 | N/A | 8.8 HIGH |
| IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | |||||
| CVE-2023-43066 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2023-10-28 | N/A | 7.8 HIGH |
| Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. | |||||
| CVE-2023-23373 | 1 Qnap | 1 Qusbcam2 | 2023-10-26 | N/A | 8.8 HIGH |
| An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 (2023/06/15) and later. | |||||
| CVE-2023-40145 | 1 Weintek | 14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more | 2023-10-26 | N/A | 8.8 HIGH |
| In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device. | |||||
| CVE-2023-2564 | 1 Scanservjs Project | 1 Scanservjs | 2023-10-25 | N/A | 10.0 CRITICAL |
| OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | |||||
| CVE-2020-2276 | 1 Jenkins | 1 Selection Tasks | 2023-10-25 | 9.0 HIGH | 8.8 HIGH |
| Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | |||||
| CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. | |||||
| CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | |||||
| CVE-2020-2159 | 1 Jenkins | 1 Cryptomove | 2023-10-25 | 9.0 HIGH | 8.8 HIGH |
| Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | |||||
| CVE-2019-10392 | 1 Jenkins | 1 Git Client | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | |||||
| CVE-2023-3991 | 1 Freshtomato | 1 Freshtomato | 2023-10-20 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-45467 | 1 Netis-systems | 2 N3m, N3m Firmware | 2023-10-19 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | |||||
| CVE-2023-45158 | 1 Web2py | 1 Web2py | 2023-10-18 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. | |||||
| CVE-2023-32976 | 1 Qnap | 1 Container Station | 2023-10-18 | N/A | 7.2 HIGH |
| An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Container Station 2.6.7.44 and later. | |||||
| CVE-2023-27380 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-28381 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-34356 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-35193 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bddb8`. | |||||
| CVE-2023-35194 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2023-10-18 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`. | |||||
