Advisory ROSA-SA-2021-1843
Software: git 1.8.3.1; OS: Cobalt 7.9; CVE-ID: CVE-2015-7545; CVE-Crit: CRITICAL; CVE-DESC: (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict allowed protocols, which could all...
Helpcom Input Validation Error Vulnerability
Helpcom is an application of Helpcom Korea, Inc. which provides remote control services. A security vulnerability exists in Helpcom, which stems from insufficient parameter validation. An attacker could exploit the vulnerability to execute arbitrary commands...
CVE-2021-23399
CVE-2021-23399 (wincred) affects all versions of the Node.js package wincred. The vulnerability occurs when attacker-controlled input is supplied to the getCredential function, allowing an attacker to execute arbitrary commands due to unsanitized use of the child_process.exec function. This resul...
CVE-2021-23399
This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
Weidmueller Industrial WLAN devices operating system command injection vulnerability (CNVD-2021-48131)
Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. The Weidmueller Industrial WLAN devices operating system command injection vulnerability can be exploited by an attacker to take full control of the device via specially crafted network configuration information...
CVE-2020-17759
An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers to achieve arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941...
CVE-2020-17759
CVE-2020-17759 affects the Evernote client for Windows 10, 7, and 2008 via the protocol handler. The vulnerability allows attackers to achieve arbitrary command execution when a user clicks a specially crafted URL. This is the root cause described across multiple connected sources (e.g., NVD entr...
CVE-2021-1571
CVE-2021-1571 affects Cisco Small Business 220 Series Smart Switches’ web-based management interface. The issue stems from improper checks of parameter values, enabling multiple vulnerabilities: session hijacking, potential arbitrary command execution as root, cross-site scripting (XSS), and HTML...
Cisco Small Business 220 Series Smart Switches Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attac...
A vulnerability in the SetWizardConfig function of the D-Link DIR-846 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the SetWizardConfig function of the D-Link DIR-846 router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted request /HNAP1/...
Citrix Virtual Apps and Desktops multiple vulnerabilities (CTX285059)
The version of Citrix Virtual Apps and Desktops installed on the remote Windows host is prior to 7 2006 or prior to 1912 LTSR CU1. It is, therefore, affected by multiple vulnerabilities: - An authenticated user on a multi-session VDA can perform arbitrary command execution as SYSTEM. CVE-2020-826...
CVE-2021-34546
NetSetMan Pro vulnerability CVE-2021-34546 affects NetSetMan Pro before 5.0 where the pre-logon profile switch button on the Windows logon screen, if enabled, allows an unauthenticated attacker with physical access to drop to an administrative shell and run commands as SYSTEM via the Save log to ...
CVE-2021-20731
The CVE-2021-20731 vulnerability affects Buffalo WSR-1166DHP3 (firmware up to v1.16) and WSR-1166DHP4 (firmware up to v1.02), where an unauthenticated network-adjacent attacker can inject and execute arbitrary OS commands with root privileges. The root cause is an OS command injection flaw in the...
SUSE: Security Advisory (SUSE-SU-2018:2085-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2019:3293-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2018:4297-1)
The remote host is missing an update for the...
Sharp NEC Displays and Sharp NEC Displays Command Injection Vulnerability
Sharp NEC Displays is a large screen display from Sharp NEC Corporation, U.S.A. Sharp NEC Displays is a display from Sharp Corporation, Japan that provides a display feature. Sharp NEC Displays suffers from a command injection vulnerability that originates when the product does not properly filter...
VulnCheck KEV: CVE-2021-46850
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint...
QNAP Systems Video Station Command Injection Vulnerability
QNAP Systems Video Station is a video management and playback application from QNAP Systems. A command injection vulnerability exists in QNAP Systems Video Station on QTS that could allow a remote attacker to execute arbitrary commands...