303 matches found
The vulnerability of the Apache Hadoop distributed development and execution platform, related to insecure privilege management, allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the Apache Hadoop distributed development and execution platform is related to insecure privilege management. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges remotely...
CVE-2019-16733
processCommandSetUid in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...
Command injection
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...
[SECURITY] Fedora 29 Update: sudo-1.8.28-1.fc29
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
CVE-2019-17499
The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the TargetIP parameter...
The vulnerability of the multi-connection mode of the Microprogrammable Network Interface Device Firepower Threat Defense (FTD) allows an attacker to exit the container for their own instance of FTD and execute arbitrary commands with root privileges.
The vulnerability of the multi-connection mode of the Firepower Threat Defense (FTD) software relates to security configuration errors. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges from within the FTD instance...
CVE-2019-12690
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of...
The vulnerability of the command-line interface (CLI) of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the command-line interface (CLI) of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to insufficient testing of arguments passed to certain CLI commands. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with root privileges...
Cisco Integrated Management Controller Command Injection Vulnerability (CNVD-2019-28400)
The Cisco Integrated Management Controller (IMC) is a baseboard management controller that provides embedded server management for Cisco UCS C Series rackmount servers and Cisco S Series storage servers. A command injection vulnerability exists in the web-based management interface of the Cisco...
CVE-2019-1936
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root use...
CVE-2019-1865
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. The vulnerability is due to insufficient validation...
CVE-2019-1767
A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with...
CVE-2019-1728
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of...
PT-2019-2370 · Cisco · Cisco Nx-Os +1
Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying...
Cisco NX-OS Command Injection Vulnerability (CNVD-2019-14614)
Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A command injection vulnerability exists in the CLI of Cisco NX-OS. The vulnerability stems from insufficient validation of parameters...
CVE-2018-19639
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing, e.g. with CVE-2018-19638, he can execute arbitrary commands as root...
CVE-2019-7301
Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=ViewCert certname parameter...
CVE-2019-1652
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...
CVE-2018-11077
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...
The vulnerability in the implementation of DHCP clients for Red Hat Enterprise Linux and Fedora allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of DHCP-client implementations for Red Hat Enterprise Linux and Fedora arises from insufficient sanitization of input data. Exploiting this vulnerability may allow a malicious actor to execute arbitrary commands with root privileges remotely...