7634 matches found

CVE
added 2021/09/27 3:42 p.m., 62 views

CVE-2021-39826

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability (CVE-2021-39826). An authenticated attacker could execute commands by convincing a user to open a malicious .epub file; user interaction is required. The issue is cited across multiple ...

9.3 CVSS, 7.5 AI score, 0.02003 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2021/09/23 3:15 a.m., 2 views

CVE-2021-34729

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI...

6.7 CVSS, 6.9 AI score, 0.00346 EPSS
Exploits 0, References 1
IBM Security Bulletins
added 2021/09/23 1:31 a.m., 64 views

Security Bulletin: GNU C Library (glibc) Vulnerability Affects Power Hardware Management Console (CVE-2015-0235, CVE-2014-6040, CVE-2014-7817)

Summary: GNU C library glibc vulnerability that has been referred to as GHOST affects Power Hardware Management Console. Vulnerability Details: CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted...

10 CVSS, 8.8 AI score, 0.94859 EPSS
Exploits 30, Affected Software 1
BDU FSTEC
added 2021/09/23 12:0 a.m., 3 views

The vulnerability of the CLI component of the Cisco IOS XR operating system, allowing a hacker to execute arbitrary commands

The vulnerability of the CLI component of the Cisco IOS XR operating system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...

6.8 CVSS, 6.9 AI score, 0.00273 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2021/09/23 12:0 a.m., 2 views

The vulnerability of the CLI component of the Cisco IOS XR operating system, allowing a hacker to execute arbitrary commands

The vulnerability of the CLI component of the Cisco IOS XR operating system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...

6.8 CVSS, 6.9 AI score, 0.0027 EPSS
Exploits 0, References 3, Affected Software 1
CNNVD
added 2021/09/22 12:0 a.m., 3 views

Cisco IOS XE SD-WAN Software security vulnerability

Cisco IOS XE SD-WAN Software is a Cisco software for network management software-defined networking for the Cisco IOS XE network operating system. A security vulnerability exists in Cisco IOS XE SD-WAN Software, which is caused by insufficient boundary checking when processing traffic on an...

10 CVSS, 9.1 AI score, 0.02546 EPSS
Exploits 0, References 6
RedHat Linux
added 2021/09/20 8:2 a.m., 2 views

rubygem-rdoc: Command injection vulnerability in RDoc

An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...

7 CVSS, 7.5 AI score, 0.0148 EPSS
Exploits 0, References 5
Cvelist
added 2021/09/17 7:53 p.m., 27 views

CVE-2021-41383

setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...

7.6 AI score, 0.0155 EPSS
Exploits 1, References 1
OSV
added 2021/09/17 3:15 p.m., 2 views

CVE-2021-41315

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...

8.8 CVSS, 7.5 AI score, 0.01221 EPSS
Exploits 0, References 2
BDU FSTEC
added 2021/09/17 12:0 a.m., 3 views

The vulnerability of the software’s image generation function for monitoring IT infrastructure in Centreon allows a hacker to execute arbitrary SQL commands.

The vulnerability of the software’s image generation function for monitoring IT infrastructure in Centreon relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by executing the script...

8.5 CVSS, 8.1 AI score, 0.29424 EPSS
Exploits 1, References 4, Affected Software 1
BDU FSTEC
added 2021/09/17 12:0 a.m., 5 views

The vulnerability of the SonicWall Network Security Manager (NSM) application for managing network firewalls, threat detection, and risk assessment arises from its failure to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the SonicWall Network Security Manager application for managing network firewalls, detecting threats and risks is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a maliciou...

9 CVSS, 8 AI score, 0.11642 EPSS
Exploits 1, References 4
Tenable Nessus
added 2021/09/16 12:0 a.m., 37 views

openSUSE 15 Security Update : ghostscript (openSUSE-SU-2021:3044-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3044-1 advisory. - A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe...

9.9 CVSS, 8.2 AI score, 0.83913 EPSS
Exploits 0, References 5
BDU FSTEC
added 2021/09/15 12:0 a.m., 2 views

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and RV345P allows a hacker to execute arbitrary commands.

The vulnerability of the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and RV345P is related to errors in syntax processing during HTTP request handling. Exploiting this vulnerability allows a malicious actor to execute arbitrary command...

9 CVSS, 8.3 AI score, 0.09065 EPSS
Exploits 0, References 3, Affected Software 4
ArchLinux
added 2021/09/14 12:0 a.m., 34 views

[ASA-202109-3] ghostscript: arbitrary command execution

Arch Linux Security Advisory ASA-202109-3 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-3781 Package : ghostscript Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-2374 Summary ======= The package ghostscript...

9.9 CVSS, 1.3 AI score, 0.83913 EPSS
Exploits 0, References 7
UbuntuCve
added 2021/09/08 1:28 a.m., 44 views

CVE-2021-3781

A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

9.9 CVSS, 7.3 AI score, 0.83913 EPSS
Exploits 0, References 2
Redos
added 2021/09/08 12:0 a.m., 5 views

ROS-2-2239

2.2239 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

10 CVSS, 8.1 AI score, 0.06132 EPSS
Exploits 0
CVE
added 2021/09/07 12:35 p.m., 72 views

CVE-2021-37721

CVE-2021-37721 is a remote arbitrary command execution vulnerability affecting Aruba SD-WAN Software and Gateways and ArubaOS. Affected versions include Aruba SD-WAN Software prior to 8.6.0.4-2.2.0.4 and prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25; Aruba has released patches...

9 CVSS, 7 AI score, 0.02957 EPSS
Exploits 0, References 2, Affected Software 2
Prion
added 2021/09/07 12:15 p.m., 8 views

Buffer overflow

A buffer overflow issue was discovered in ZOOK solution remote administration tool through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command...

6.5 CVSS, 8.9 AI score, 0.00791 EPSS
Exploits 0, References 1, Affected Software 2
CNNVD
added 2021/09/07 12:0 a.m., 2 views

ZOOK security vulnerability

ZOOK is a Korean remote control service program that can control a remote PC from an Android phone. A security vulnerability exists in the ZOOK solution remote administration tool that stems from a lack of boundary checking. The vulnerability allows an attacker to execute remote arbitrary command...

8.8 CVSS, 8.2 AI score, 0.00791 EPSS
Exploits 0, References 2
OSV
added 2021/09/02 6:15 p.m., 2 views

CVE-2020-18048

An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field...

9.8 CVSS, 6 AI score, 0.01724 EPSS
Exploits 1, References 2