Lucene search
K

40 matches found

CNNVD
CNNVD
added 2025/01/14 12:0 a.m.4 views

Hewlett Packard Enterprise ArubaOS 安全漏洞

Hewlett Packard Enterprise ArubaOS HPE ArubaOS is a networked wireless operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS that stems from an authenticated command injection vulnerability that can be successfully exploited to all...

7.2CVSS7.8AI score0.01202EPSS
Exploits0References1
ICS
ICS
added 2024/10/08 12:0 a.m.34 views

Siemens SINEC Security Monitor

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.9CVSS8.2AI score0.0083EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2023/06/14 4:46 p.m.4 views

Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems

The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 CVSS score: 3.9, "enabled the execution of privileged commands...

9.8CVSS8AI score0.98281EPSS
Exploits7
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.6 views

Aruba Networks InstantOS 命令注入漏洞

Aruba Networks InstantOS is an Arch Linux-based distribution from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks InstantOS and ArubaOS 10, which stems from an authenticated command injection vulnerability in the command line interface that can be exploited by an attacker t...

8.8CVSS8.4AI score0.01664EPSS
Exploits0References2
OSV
OSV
added 2023/03/01 8:15 a.m.7 views

CVE-2023-22758

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to full...

7.2CVSS7.4AI score0.01618EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 8:15 a.m.4 views

CVE-2023-22770

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

7.2CVSS7.3AI score0.01481EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.5 views

PT-2022-24135 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: The issue concerns authenticated command injection vulnerabilities in the command line interface of ArubaOS. Successful exploitation allows attackers to execute arbitrary commands as a...

7.2CVSS7.5AI score0.01693EPSS
Exploits0References4
OSV
OSV
added 2022/09/06 6:15 p.m.5 views

CVE-2022-23683

Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete...

7.2CVSS6.1AI score0.01631EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/27 3:0 p.m.3 views

CVE-2021-44793

Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to...

8.6CVSS7.4AI score0.01367EPSS
Exploits0References3
OSV
OSV
added 2020/07/20 6:15 p.m.4 views

CVE-2020-6871

The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects:...

9.8CVSS7.4AI score0.0188EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/31 12:0 a.m.2 views

Lenovo XClarity Administrator Parameter Injection Vulnerability

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A parameter injection vulnerability exists in the Web API in...

9CVSS8.9AI score0.02244EPSS
Exploits0References1
Prion
Prion
added 2018/07/30 4:29 p.m.19 views

Design/Logic Flaw

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...

9CVSS8.6AI score0.02244EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/07/30 4:29 p.m.20 views

CVE-2018-9066

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...

9CVSS8.6AI score0.02244EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/30 3:0 p.m.22 views

CVE-2018-9066

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...

8.7AI score0.02244EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/10/11 12:0 a.m.6 views

The vulnerability of the software tools for backup and data restoration in NetBackup Appliance and NetBackup allows a malicious individual to execute arbitrary commands in a privileged mode. This vulnerability is related to deficiencies in access control.

The vulnerability of software tools for backup and data restoration in NetBackup Appliance and NetBackup lies in the lack of access control mechanisms root/admin privileges. Exploiting this vulnerability allows a malicious actor to remotely copy any file and execute arbitrary commands with...

10CVSS8.1AI score0.05674EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2017/03/02 6:59 a.m.23 views

CVE-2017-6400

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur on the local system...

8.8CVSS8.7AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2017/03/02 6:59 a.m.4 views

CVE-2017-6406

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur...

8.8CVSS5.8AI score0.00444EPSS
Exploits0References2
Prion
Prion
added 2017/03/02 6:59 a.m.21 views

Design/Logic Flaw

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur on the local system...

7.2CVSS8.6AI score0.00444EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2017/03/02 6:0 a.m.67 views

CVE-2017-6400

CVE-2017-6400 affects Veritas NetBackup Server/Client (and NetBackup Appliance) before versions 7.7.2 and 2.7.2 respectively. The issue enables privileged command execution on the local system. Based on the sources, the vulnerability arises on local access with low complexity and no authenticatio...

8.8CVSS8.9AI score0.00444EPSS
Exploits0References2Affected Software3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

kpopup 0.9.x Privileged Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system3 C-library functi...

7.1AI score
Exploits0
Rows per page
Query Builder