86 matches found

OSV
added 2025/07/10 8:15 a.m. · 2 views

UBUNTU-CVE-2025-38314

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion. The result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes larger than the actual result data size. This occurs because the result_sg_size field of the...

CVSS 5.5 · AI score 6 · EPSS 0.00074
Exploits 0 · References 12
OSV
added 2025/07/10 7:42 a.m. · 2 views

CVE-2025-38314 virtio-pci: Fix result size returned for the admin command completion

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion. The result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes larger than the actual result data size. This occurs because the result_sg_size field of the...

CVSS 5.5 · AI score 6.7 · EPSS 0.00074
Exploits 0 · References 5
CVE
added 2025/07/10 7:42 a.m. · 31 views

CVE-2025-38314

CVE-2025-38314 affects the Linux kernel’s virtio-pci admin command path. The issue was that virtio_pci_admin_dev_parts_get() reported a result size 8 bytes larger than the actual data because result_sg_size was filled with virtqueue_get_buf() length (data + 8 bytes status). The oversized size cou...

CVSS 5.5 · AI score 6.8 · EPSS 0.00074
Exploits 0 · References 2 · Affected Software 1
RedhatCVE
added 2025/05/21 8:00 p.m. · 7 views

CVE-2009-1178

Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."...

CVSS 10 · AI score 6.7 · EPSS 0.01088
Exploits 0 · References 1
CNNVD
added 2025/05/13 12:00 a.m. · 4 views

Rebuild security vulnerability

Rebuild is an open-source, highly customizable enterprise management system from getrebuild. A security vulnerability exists in Rebuild v3.9.0 through v3.9.3, which stems from an SQL injection in the /admin/admin-cli/exec component...

CVSS 9.8 · AI score 7.7 · EPSS 0.00274
Exploits 1 · References 3
Palo Alto Networks
added 2025/04/09 4:00 p.m. · 24 views

PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deploye...

CVSS 7.1 · AI score 7.3 · EPSS 0.00021
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 2:00 p.m. · 5 views

CVE-2020-4074

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6...

CVSS 10 · AI score 7 · EPSS 0.00432
Exploits 0
OSV
added 2024/10/13 7:15 p.m. · 0 views

CVE-2024-9916

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to OS command injection. The attack may be launched remotely. The...

CVSS 9.8 · AI score 5.5
Exploits 0 · References 4
Positive Technologies
added 2024/08/08 12:00 a.m. · 2 views

PT-2024-38373 · Avaya · Avaya Aura System Manager

Name of the Vulnerable Software and Affected Versions: Avaya Aura System Manager versions 10.1.x.x through 10.2.x.x; Avaya Aura System Manager versions prior to 10.1.
Description: A SQL injection issue was discovered, allowing a command line interface user with administrative privileges to execute...

CVSS 6.7 · AI score 8.9 · EPSS 0.0014
Exploits 0 · References 4
VulnCheck KEV
added 2024/07/01 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

CVSS 7.2 · AI score 5.9 · EPSS 0.21114
Exploits 1 · References 1
OSV
added 2024/04/03 1:16 p.m. · 1 views

CVE-2023-38729

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT...

CVSS 6.5 · AI score 5.5
Exploits 0 · References 3
Positive Technologies
added 2024/04/03 12:00 a.m. · 1 views

PT-2024-12763 · IBM · IBM Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5.
Description: The issue concerns sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. This affects the specified versions of...

CVSS 6.8 · AI score 9 · EPSS 0.00097
Exploits 0 · References 6
CNNVD
added 2024/04/03 12:00 a.m. · 2 views

IBM Db2 information disclosure vulnerability

IBM Db2 is a relational database management system from International Business Machines (IBM). The system runs on UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from an information disclosure vulnerability that originates when ADMIN_CMD is used in conjunction with IMPORT o...

CVSS 6.8 · AI score 8.5 · EPSS 0.00097
Exploits 0 · References 5
Vulnrichment
added 2024/01/16 3:56 p.m. · 11 views

CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

AI score 7.9 · EPSS 0.0056
Exploits 2 · References 1
OSV
added 2023/09/20 7:15 p.m. · 0 views

CVE-2023-40368

IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456...

CVSS 4.4 · AI score 5.8
Exploits 0 · References 2
CNNVD
added 2023/09/20 12:00 a.m. · 1 views

IBM Storage Scale Security Vulnerability

IBM Storage Scale is a storage solution from International Business Machines (IBM) designed to help organizations efficiently manage and scale storage resources to meet growing data storage needs. A security vulnerability exists in IBM Storage Protect versions 8.1.0.0 through 8.1.19.0, which stems...

CVSS 4.4 · AI score 6.3 · EPSS 0.00019
Exploits 0 · References 3
Positive Technologies
added 2023/09/13 12:00 a.m. · 3 views

PT-2023-5576 · SolarWinds · SolarWinds Orion Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform (affected versions not specified).
Description: The issue is related to the use of dangerous methods or functions in the SolarWinds Orion Platform, which can allow an attacker to execute arbitrary commands with NETWORK...

CVSS 9 · AI score 7.2 · EPSS 0.00291
Exploits 0 · References 10
Japan Vulnerability Notes
added 2023/08/18 4:47 a.m. · 1 views

Multiple vulnerabilities in Proself

Overview: Proself provided by North Grid Corporation is an online storage server software. Proself contains multiple vulnerabilities listed below.
Improper authentication (CWE-287) - CVE-2023-39415
OS command injection (CWE-78) - CVE-2023-39416
The developer states that attacks exploiting these...

CVSS 7.5 · AI score 8.2 · EPSS 0.00771
Exploits 0 · References 11
OSV
added 2023/07/26 2:15 p.m. · 0 views

CVE-2023-23843

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands...

CVSS 7.2 · AI score 6 · EPSS 0.00213
Exploits 0 · References 2
OSV
added 2023/07/17 8:15 p.m. · 13 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

CVSS 5.5 · AI score 6.7 · EPSS 0.00065
Exploits 0 · References 3