361 matches found
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities
Multiple vulnerabilities in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary...
CVE-2019-1725
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
Input validation
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
CVE-2019-1609 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
CVE-2019-1607 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Input validation
A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Cisco Firepower System Software Command Execution Vulnerability
Cisco Firepower System Software is a next-generation firewall (NGFW) product from Cisco. A privilege-granting and access-control vulnerability exists in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors, which ste...
CVE-2018-0309
A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS in standalone NX-OS mode on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affecte...
Design/Logic Flaw
A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS in standalone NX-OS mode on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affecte...
FortiOS local privilege escalation via malicious use of USB storage devices
An admin user with superadmin privileges can execute an arbitrary binary contained on a USB drive plugged into a FortiGate, by linking that binary to a command that is allowed to be run by the fnsysctl CLI command...
Command injection
Katello allows remote authenticated users to call the "system removedeletion" CLI command via vectors related to "remove system" permissions...
CVE-2013-4201
Katello allows remote authenticated users to call the "system removedeletion" CLI command via vectors related to "remove system" permissions...
CVE-2013-4201
CVE-2013-4201 affects Red Hat Katello. The connected entry CNVD-2018-10937 indicates a Katello vulnerability that allows remote authenticated users to invoke the system remove_deletion CLI command via vectors tied to remove system permissions. The NVD entry describes remote authentication with system removal ca...
CVE-2018-1000169
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to...
Command injection
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command...