340 matches found
CVE-2023-6071
CVE-2023-6071 affects Trellix Enterprise Security Manager (ESM) prior to 11.6.9. The issue is an improper neutralization of special elements in a command when adding a new data source, enabling a remote administrator to execute arbitrary code as root. Documents confirm the vulnerability, its root...
Command injection
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local...
CVE-2023-4401
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access...
CVE-2023-35071
CVE-2023-35071 is an SQL injection vulnerability in MRV Tech’s Logging Administration Panel, arising from improper neutralization of special elements in SQL commands. Affected: Logging Administration Panel prior to 20230915. Root cause reported as SQL injection flaw; exploitation details are not ...
CVE-2023-36642
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Command injection
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2023-36642
CVE-2023-36642 affects FortiTester management interface, with versions 3.0.0–7.2.3 vulnerable to an OS command injection due to improper neutralization of special elements (CWE-78). An authenticated attacker can execute unauthorized commands by crafting arguments to existing commands. The issue i...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a WLAN memory corruption when sending a transmit command from HLOS to a UTF handler...
Command injection
OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request...
Dangerzone Security Breach
Dangerzone is a software application that takes potentially dangerous PDF files, office documents, and pictures and converts them into a secure PDF. A security vulnerability exists in Dangerzone versions prior to 0.4.2; the vulnerability stems from the dangerzone-cli command to file cleanup container outp...
Connected IO Parameter Injection Vulnerability
Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a parameter injection vulnerability in the AT command in the...
CVE-2023-31926
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...
Integer Overflow
Klibc is vulnerable to Integer Overflow. The vulnerability exists in the 'cpio' command because it does not properly validate input, allowing an attacker to trigger a buffer overflow...
CVE-2023-3333
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a...
Command injection
OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...
Command injection
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...
CVE-2023-28000
CVE-2023-28000: Fortinet FortiADC is affected by a command injection in the diagnose system df CLI command due to improper neutralization of special elements (CWE-78). A local, authenticated attacker can potentially execute unauthorized commands. Affected FortiADC versions: 6.0 through 7.1.0. Th...
CVE-2023-29404
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...
CVE-2023-33248
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz, often outside the range of human adult hearing. Commands at these frequencies are essentially...
CVE-2023-28394
Beekeeper Studio is affected in versions prior to 3.9.9 by a code-injection vulnerability that allows a remote authenticated attacker to execute arbitrary JavaScript code with the app’s privileges, potentially enabling arbitrary OS commands on the host. Root cause: untrusted JavaScript execution ...