NEC Expresscluster X Security Vulnerability
NEC Expresscluster X is a specialized high availability cluster software from Nippon Electric NEC. It is used to initiate a quick restore function and continuously protect critical applications and data. A security vulnerability exists in NEC Expresscluster X version 5.1 and prior versions that...
The vulnerability of the FortiSIEM security management system arises from the failure to take measures to neutralize specific elements, allowing attackers to execute arbitrary commands.
The vulnerability of the FortiSIEM security management system exists due to the lack of measures to neutralize specific elements within it. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2023-27013 · Unknown · Clusterpro X +3
Name of the Vulnerable Software and Affected Versions: CLUSTERPRO X versions 5.1 and earlier; EXPRESSCLUSTER X versions 5.1 and earlier; CLUSTERPRO X SingleServerSafe versions 5.1 and earlier; EXPRESSCLUSTER X SingleServerSafe versions 5.1 and earlier. Description: The issue allows an attacker to log...
PT-2023-27012 · Unknown · Clusterpro X +3
Name of the Vulnerable Software and Affected Versions: CLUSTERPRO X versions 5.1 and earlier; EXPRESSCLUSTER X versions 5.1 and earlier; CLUSTERPRO X SingleServerSafe versions 5.1 and earlier; EXPRESSCLUSTER X SingleServerSafe versions 5.1 and earlier. Description: The issue allows an attacker to log...
VulnCheck KEV: CVE-2001-0537
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL...
CVE-2023-45625
CVE-2023-45625 involves multiple authenticated command injection vulnerabilities in the command line interface, enabling execution of arbitrary commands as a privileged user on the underlying OS. The Red Hat advisory RH:CVE-2023-45625 corroborates the description. The Aruba PSA alert is reference...
Aruba Networks ArubaOS and InstantOS Command Injection Vulnerability
Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc. Aruba Networks InstantOS is an Arch Linux-based distribution. Aruba Networks ArubaOS and InstantOS have a security vulnerability that stems from multiple authenticated command injection vulnerabilities i...
The vulnerability of the SolarWinds Orion Platform’s network monitoring software stems from flaws in its deserialization mechanism, which allow a hacker to execute arbitrary commands from the web console.
The vulnerability of the SolarWinds Orion Platform’s network monitoring software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands from the web console...
The vulnerability of the microprogrammed remote terminal block INEA ME RTU lies in the lack of measures taken to neutralize special elements used in the operating system’s commands. This allows a perpetrator to execute arbitrary operating system commands.
The vulnerability of the microprogrammed remote terminal block INEA ME RTU exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands...
CVE-2023-4699 Arbitrary Command Execution Vulnerability in Mitsubishi Electric proprietary protocol communication of multiple FA products
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series,...
The vulnerability of the SonicWall NetExtender software for providing remote access allows an intruder to execute arbitrary commands.
The vulnerability of the SonicWall NetExtender software for providing remote access is related to insecure management of privileges. Exploiting this vulnerability could allow a hacker to execute arbitrary commands...
TOTOLINK A3300R file_name parameter command injection vulnerability
The TOTOLINK A3300R is a wireless router manufactured by China's Gion Electronics TOTOLINK for home and small network environments. The TOTOLINK A3300R suffers from a command injection vulnerability that stems from the filename parameter of the UploadFirmwareFile function failing to properly filt...
PT-2023-6891
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC-F Series CPU modules, affected versions not specified; Mitsubishi Electric Corporation MELSEC iQ-F Series, affected versions not specified; Mitsubishi Electric Corporation MELSEC iQ-R series CPU modules...
The vulnerability of the BIG-IP access control and remote authentication configuration tool allows a perpetrator to execute arbitrary commands.
The vulnerability of the BIG-IP access control and remote authentication configuration tool lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
PT-2023-8661 · Cisco · Cisco Firepower Management Center +1
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software and Cisco Firepower Management Center (FMC) Software, affected versions not specified. Description: The issue is related to insufficient validation of user-supplied input in the inter-device communicati...
SUSE CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise...
SUSE CVE-2023-28617
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...
TOTOLINK A3300R Security Vulnerability
The TOTOLINK A3300R is a wireless router manufactured by China's Gion Electronics TOTOLINK for home and small network environments. The TOTOLINK A3300R suffers from a command injection vulnerability that stems from the filename parameter of the UploadFirmwareFile function failing to properly filt...