CVE-2025-20124

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

Cisco AsyncOS 输入验证错误漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...

iocharger 安全漏洞

iocharger is an electric vehicle charging and smart energy management solution from the Chinese company Galaxy Zhangtan iocharger. A security vulnerability exists in iocharger versions prior to 25010801, which stems from an unsatisfactory neutralization of a special element used in a command, whi...

iocharger 安全漏洞

iocharger is an electric vehicle charging and smart energy management solution from the Chinese company Galaxy Zhangtan iocharger. A security vulnerability exists in iocharger versions prior to 24120701, which stems from an unsatisfactory neutralization of a special element used in a command, whi...

iocharger 安全漏洞

iocharger is an electric vehicle charging and smart energy management solution from the Chinese company Galaxy Zhangtan iocharger. A security vulnerability exists in iocharger versions prior to 24120701, which stems from an unsatisfactory neutralization of a special element used in a command, whi...

vivo ABE service 安全漏洞

vivo ABE service is a cell phone service program from the Chinese company Vivo. A security vulnerability exists in vivo ABE service, which stems from a flaw in the validation of input parameters, which allows an attacker to enter carefully constructed commands to cause ABE service to execute some...

PT-2024-35974 · Barco · Barco Clickshare Core +5

Name of the Vulnerable Software and Affected Versions: Barco ClickShare CX-30/20, C-5/10, ClickShare Bar Pro, and Core models versions prior to 2.21.1 Description: An injection vulnerability allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution a...

PT-2024-9475 · Advantech · Advantech Eki-6333Ac-2G +1

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A vulnerability was discovered in the "edgserver" service of Advantech's...

Enel X Waybox 安全漏洞

The Enel X Waybox is a home charging station from Enel X, Inc. A security vulnerability exists in version 3.0 of the Enel X Waybox that stems from incorrect file ownership of the Privileged Services Library, which results in an attacker would be able to execute arbitrary operating system commands...

CVE-2024-20424

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

CVE-2024-20374

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating...

CVE-2024-20461

A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit...

PT-2024-7340 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter

Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter firmware affected versions not specified Description: The issue exists due to the lack of proper sanitization of CLI input, allowing an attacker to execute arbitrary commands as the root user by...

PT-2024-7342 · Cisco · Cisco Ata 190

Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker with high privileges to...

CVE-2024-9464

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2574)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : cups (EulerOS-SA-2024-2499)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the...

VulnCheck KEV: CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2384)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : cups (EulerOS-SA-2024-2384)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the...