19 matches found
EUVD-2023-24194
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-9773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starti...
CVE-2023-20170
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the...
PT-2024-29995 · Aruba · Aruba Access Point
Name of the Vulnerable Software and Affected Versions: Aruba Access Points affected versions not specified Description: Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI...
CVE-2023-20021
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...
CVE-2023-20023
Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...
Cisco ASA Software CLI Command Injection (cisco-sa-20200226-fxos-ucs-cmdinj)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, by including crafted arguments to specific commands, in order to execute arbitrary commands on the underlyi...
Cisco FTD Software CLI Command Injection (cisco-sa-20200226-fxos-ucs-cmdinj)
According to its self-reported version, Cisco FTD Software is affected by a vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, by including crafted arguments to specific commands, in order to execute arbitrary commands on the underlyi...
CVE-2019-1725
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
CVE-2019-1609 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
CVE-2019-1607 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco StarOS CLI Command Injection Vulnerability
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of...
Cisco Nexus Series Switches CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...
Cisco ASR StarOS CLI Command Injection Local Privilege Escalation (cisco-sa-20170705-asrcmd)
According to its self-reported version and model number, the remote Cisco ASR device is affected by a privilege escalation vulnerability in StarOS in the Command Line Interface CLI due to improper sanitization of commands passed to the Linux shell. A local attacker can exploit this, via specially...
Cisco Nexus 5000 Series Switches CLI Command Injection Vulnerability (cisco-sa-20170517-nss)
A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus 5000 Series Switches could allow an authenticated, local attacker to perform a command injection attack. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, a...
Grandstream GXV3275 < 1.0.3.30 - Multiple Vulnerabilities
The Grandstream GXV3275 is an Android-based VoIP phone. Several vulnerabilities were found affecting this device. The device ships with a default root SSH key, which could be used as a backdoor: /system/root/.ssh cat authorizedkeys Public key portion is: ssh-rsa...