Total
3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2023-10-17 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | |||||
| CVE-2021-1514 | 1 Cisco | 23 Catalyst Sd-wan Manager, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 20 more | 2023-10-16 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges. | |||||
| CVE-2023-30806 | 1 Sangfor | 1 Next-gen Application Firewall | 2023-10-13 | N/A | 9.8 CRITICAL |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie. | |||||
| CVE-2023-30805 | 1 Sangfor | 1 Next-gen Application Firewall | 2023-10-13 | N/A | 9.8 CRITICAL |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter. | |||||
| CVE-2023-36618 | 1 Unify | 1 Session Border Controller | 2023-10-06 | N/A | 8.8 HIGH |
| Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users. | |||||
| CVE-2023-43068 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | N/A | 8.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands. | |||||
| CVE-2023-43069 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | N/A | 7.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. | |||||
| CVE-2023-4401 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | N/A | 8.8 HIGH |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. | |||||
| CVE-2023-33270 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33269 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33268 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33273 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33272 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-33271 | 1 Dts | 1 Monitoring | 2023-10-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind). | |||||
| CVE-2023-43893 | 1 Netis-systems | 2 N3m, N3m Firmware | 2023-10-04 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | |||||
| CVE-2023-39222 | 1 Furunosystems | 28 Acera 1010, Acera 1010 Firmware, Acera 1020 and 25 more | 2023-10-04 | N/A | 8.8 HIGH |
| OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | |||||
| CVE-2023-43892 | 1 Netis-systems | 2 N3m, N3m Firmware | 2023-10-04 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. | |||||
| CVE-2023-43890 | 1 Netis-systems | 2 N3m, N3m Firmware | 2023-10-04 | N/A | 8.8 HIGH |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | |||||
| CVE-2023-3767 | 1 Easyphp | 1 Webserver | 2023-09-27 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. | |||||
| CVE-2023-40581 | 2 Microsoft, Yt-dlp Project | 2 Windows, Yt-dlp | 2023-09-27 | N/A | 7.8 HIGH |
| yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in --exec other than {} (filepath). 2. If expansion in --exec is needed, verify the fields you are using do not contain ", | or &. 3. Instead of using --exec, write the info json and load the fields from it instead. | |||||