CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent...
Palo Alto Networks Cortex XDR Security Vulnerability
Palo Alto Networks Cortex XDR is an extended detection and response platform that natively integrates network, endpoint, cloud, and third-party data from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks Cortex XDR that originates from a local user executing a...
PT-2022-24135 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS (affected versions not specified). Description: The issue concerns authenticated command injection vulnerabilities in the command line interface of ArubaOS. Successful exploitation allows attackers to execute arbitrary commands as a...
CVE-2022-22233 Junos OS and Junos OS Evolved: In an SR to LDP interworking scenario, with SRMS, when a specific low privileged command is issued on an ABR rpd will crash
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol L...
GSD-2022-1005738 xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
xen/privcmd: fix error exit of privcmd_ioctl_dm_op(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.140 by commit...
CVE-2022-23683
Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete...
Fortinet FortiExtender Operating System Command Injection Vulnerability
Fortinet FortiExtender is a wireless WAN extender appliance from Fortinet, Inc. A command injection vulnerability exists in Fortinet FortiExtender, which can be exploited by an authenticated attacker to execute privileged shell commands via CLI commands...
CVE-2020-28970
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. In addition, an upload endpoint could then be used by an authenticated...
CVE-2020-4636
IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503...
CVE-2020-6871
The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects:...
The vulnerability of Siemens Sinumerik programmable logic controllers lies in errors in control of resolution settings, which allows an intruder to exploit a privileged command to gain enhanced privileges.
The vulnerability of Siemens Sinumerik programmable logic controllers is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to use a privileged application command to elevate user privileges, but not to the level of root...
Lenovo XClarity Administrator Parameter Injection Vulnerability
Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A parameter injection vulnerability exists in the Web API in...
Design/Logic Flaw
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...
CVE-2018-9066
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...
The vulnerability of the software tools for backup and data restoration in NetBackup Appliance and NetBackup allows a malicious individual to execute arbitrary commands in a privileged mode. This vulnerability is related to deficiencies in access control.
The vulnerability of software tools for backup and data restoration in NetBackup Appliance and NetBackup lies in the lack of access control mechanisms (root/admin privileges). Exploiting this vulnerability allows a malicious actor to remotely copy any file and execute arbitrary commands with...
CVE-2017-6406
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur...
Design/Logic Flaw
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur on the local system...
CVE-2017-6400
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur on the local system...
CVE-2017-6400
CVE-2017-6400 affects Veritas NetBackup Server/Client (and NetBackup Appliance) before versions 7.7.2 and 2.7.2 respectively. The issue enables privileged command execution on the local system. Based on the sources, the vulnerability arises on local access with low complexity and no authenticatio...