CVE-2024-53992 unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload

unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This...

The vulnerability of the protected shell of Microprogramming Software for Cisco Expressway allows a hacker to execute arbitrary code and enhance their privileges.

The vulnerability of the protected layer of Cisco Expressway microprogramming software is related to the lack of measures taken for data cleaning at the management level. Exploiting this vulnerability can allow attackers to execute arbitrary code and elevate their privileges to the root level...

The vulnerability of the SSH and Telnet protocol implementations of the D-Link DSL6740C modem’s microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of SSH and Telnet protocols implemented by the microprogramming software of the D-Link DSL6740C modem lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the SSH server of Cisco Adaptive Security Appliance’s microprogrammed network interface devices allows a attacker to cause a service failure.

The vulnerability of the SSH server of the microprogrammed network interface devices in Cisco Adaptive Security Appliances ASA is related to an uncontrolled resource consumption. This vulnerability could allow a malicious actor to cause service interruptions remotely...

USN-7052-1: GNOME Shell vulnerabilities

It was discovered that GNOME Shell mishandled extensions that fail to reload, possibly leading to extensions staying enabled on the lock screen. An attacker could possibly use this issue to launch applications, view sensitive information, or execute arbitrary commands. CVE-2017-8288 It was...

USN-7051-1 python-asyncssh vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

The vulnerability of the Bash command shell on the Cisco NX-OS operating system of Cisco Nexus 3000 and Nexus 9000 switches allows a hacker to execute arbitrary commands.

The vulnerability of the Bash command shell on the Cisco NX-OS operating system of Cisco Nexus 3000 and Nexus 9000 switches is related to the absence of authentication. Exploiting this vulnerability allows an attacker to execute arbitrary commands in the basic operating system...

GL.iNet多款产品 操作系统命令注入漏洞

GL.iNet AR750S and others are products of China's Guanglian Intelligent Communication GL.iNet company.GL.iNet AR750S is a router.GL.iNet AR750 is a router.GL.iNet AR300M is a router. An operating system command injection vulnerability exists in several GL.iNet products, which stems from a shell...

The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 allows a attacker to execute arbitrary operating system commands with root privileges.

The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the use of pre-installed credentials due to incorrect processing of the MAC address sequence. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating syste...

Vulnerability fixed in OpenSSH

The developers of OpenSSH have fixed a vulnerability in OpenSSH The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...

USN-6859-1 openssh vulnerability

It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials...

The vulnerability of the OpenSSH package on the macOS operating system, which allows a hacker to gain unauthorized access to SSH password credentials

The vulnerability of the OpenSSH package for the macOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a hacker to gain unauthorized access to SSH password credentials...

DEBIAN-CVE-2023-51385

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or...

MGASA-2023-0344 Updated fish packages fix a security vulnerability

Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284. Mageia 8 receives an upstream patch to fix CVE-2023-49284. CVE-2023-49284: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command...

The vulnerability of Siemens SCALANCE industrial switches’ SSH server allows a hacker to execute a “man-in-the-middle” attack.

The vulnerability of Siemens SCALANCE industrial switches’ SSH server is related to insufficient encryption strength. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...

CVE-2023-48424

U-Boot shell vulnerability resulting in Privilege escalation in a production device...

Privilege escalation

U-Boot shell vulnerability resulting in Privilege escalation in a production device...

PT-2023-30844 · U-Boot · U-Boot

Name of the Vulnerable Software and Affected Versions: U-Boot affected versions not specified Description: The issue is related to a U-Boot shell vulnerability that results in privilege escalation in a production device. Recommendations: At the moment, there is no information about a newer versio...

Red Lion Controls SixTRAK and VersaTRAK Security Vulnerabilities

Red Lion Controls SixTRAK and Red Lion Controls VersaTRAK are the ultimate process controllers with open LINUX software capabilities from Red Lion Controls, Inc. A security vulnerability exists in the Red Lion Controls SixTRAK and VersaTRAK Series RTUs that originated from allowing an...

The vulnerability of the SSH, HTTPS, and MySQL host bastion for the Linux operating system Warpgate allows a hacker to bypass authentication processes due to errors in cryptographic signatures.

The vulnerability of the SSH, HTTPS, and MySQL servers for the Linux operating system targets Warpgate is related to errors in verifying the cryptographic signature. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...