CVE-2025-22398
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root...
CVE-2025-22398
Dell Unity OS (version 5.4 and earlier) contains an OS Command Injection vulnerability that allows an unauthenticated attacker with remote access to execute arbitrary commands as root, potentially taking control of the system. Affected component is the OS command handling in Dell Unity software; ...
Dell Unity OS Command Injection Vulnerability
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
NETGEAR DC112A Security Vulnerability
The Netgear DC112A is a wireless router. The Netgear DC112A suffers from a command injection vulnerability that originates in the usbadv.cgi handling of the deviceName parameter, which an attacker can exploit by submitting a crafted request to execute arbitrary commands...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-11330)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that stems from /goform/setprohibiting failing to properly filter special characters, commands, and so on in crafted input. An attacker can exploit this...
A vulnerability in the ex_display() function of the Vim text editor allows an attacker to execute arbitrary commands.
The vulnerability in the ex_display() function of the Vim text editor is a use-after-free. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID:CVE-2023-34054 DESCRIPTION: VMware Tanzu Reactor Netty is vulnerable to a denial of service, caused by a flaw when built-in integration with Micrometer is enabled. By sending specially...
Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in the latest IBM Security Verify Governance release. Vulnerability Details CVEID:CVE-2023-33840 DESCRIPTION: IBM Security Verify Governance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
ROS-20250326-05
A vulnerability in the sysexec function of MariaDB software is related to insecure permissions. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands with elevated privileges...
A vulnerability in the SmartFabric OS10 network operating system, related to a lack of data sanitization at the management level, allows an attacker to execute arbitrary commands.
The vulnerability in the SmartFabric OS10 network operating system is related to a lack of data sanitization at the management level. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
PYSEC-2025-116
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands...
A vulnerability in the setUpgradeFW() function of the TOTOLINK EX200 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setUpgradeFW() function of the TOTOLINK EX200 router firmware is related to improper neutralization of special elements during the processing of the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s firmware is related to a failure to neutralize special elements used in an operating system command when processing the eHour parameter. Exploiting...
A vulnerability in the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s firmware is related to a failure to neutralize special elements used in an operating system command when processing the week parameter. Exploiting...
CVE-2025-29310
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information...
CVE-2025-29310
The CVE refers to ONOS v2.7.0 where a vulnerability in LLDP packet deserialization can be triggered by a crafted LLDP packet, allowing an attacker to execute arbitrary commands or access network information. Affected component: ONOS 2.7.0 (deserialization path in LLDP handling). Root cause: packe...