Total
5132 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35895 | 1 Ibm | 1 Informix Jdbc | 2024-11-21 | 6.3 Medium |
| IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. | ||||
| CVE-2023-35893 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-11-21 | 9.9 Critical |
| IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824. | ||||
| CVE-2023-35861 | 1 Supermicro | 330 H12dgo-6, H12dgo-6 Firmware, H12dgq-nt6 and 327 more | 2024-11-21 | 9.8 Critical |
| A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. | ||||
| CVE-2023-35850 | 1 Sun.net | 1 Wmpro | 2024-11-21 | 7.2 High |
| SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. | ||||
| CVE-2023-35762 | 1 Inea | 2 Me Rtu, Me Rtu Firmware | 2024-11-21 | 9.9 Critical |
| Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. | ||||
| CVE-2023-35138 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | ||||
| CVE-2023-35019 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 7.2 High |
| IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873. | ||||
| CVE-2023-34993 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 9.6 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | ||||
| CVE-2023-34989 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
| CVE-2023-34988 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
| CVE-2023-34987 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
| CVE-2023-34986 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
| CVE-2023-34985 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.6 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | ||||
| CVE-2023-34215 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | 7.2 High |
| TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. | ||||
| CVE-2023-34214 | 1 Moxa | 7 Edr-810, Edr-g902, Edr-g903 and 4 more | 2024-11-21 | 7.2 High |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. | ||||
| CVE-2023-34213 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | 8.8 High |
| TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. | ||||
| CVE-2023-34141 | 1 Zyxel | 52 Atp, Nxc2500, Nxc2500 Firmware and 49 more | 2024-11-21 | 8 High |
| A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance. | ||||
| CVE-2023-34139 | 1 Zyxel | 32 Usg 2200-vpn, Usg 2200-vpn Firmware, Usg Flex 100 and 29 more | 2024-11-21 | 8.8 High |
| A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device. | ||||
| CVE-2023-34138 | 1 Zyxel | 48 Atp Firmware, Usg20w-vpn Firmware, Usg 20w-vpn and 45 more | 2024-11-21 | 8 High |
| A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance. | ||||
| CVE-2023-34116 | 1 Zoom | 1 Zoom | 2024-11-21 | 8.2 High |
| Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | ||||