PT-2021-19258 · Juniper Networks · Junos Evolved

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 20.4R2-S2-EVO Juniper Networks Junos OS Evolved version 21.1 versions prior to 21.1R2-EVO Juniper Networks Junos OS Evolved version 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO...

Schneider Electric IGSS Missing Authentication Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of commands sent to the server. The issue results from the lack o...

CVE-2021-32999

Improper handling of exceptional conditions in SuiteLink server while processing command 0x01...

Input validation

Improper handling of exceptional conditions in SuiteLink server while processing command 0x01...

CVE-2020-11195

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

Design/Logic Flaw

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

Palo Alto Networks PAN-OS 7.1.x < 8.1.14 / 8.0.x < 8.1.14 / 8.1.x < 8.1.14 / 9.0.x < 9.0.7 / 9.1.x < 9.1.1 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 8.1.14 or 8.0.x prior to 8.1.14 or 8.1.x prior to 8.1.14 or 9.0.x prior to 9.0.7 or 9.1.x prior to 9.1.1. It is, therefore, affected by a vulnerability. - An external control of filename vulnerability in the...

SUSE SLES12 Security Update : ed (SUSE-SU-2020:1608-1)

This update for ed fixes the following security issue : CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. bsc1019807 Note that Tenable Network Security has extracted the preceding description block directly from t...

Palo Alto Networks PAN-OS Arbitrary File Deletion Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. An arbitrary file deletion vulnerability exists in the command processing in Palo Alto Networks PAN-OS, which can be exploited by an attacker to delete arbitrary system files, affecting...

CVE-2020-2003

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8....

Xxe

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8....

CVE-2020-2003 PAN-OS: Authenticated administrator can delete arbitrary system file

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8....

PAN-OS: Authenticated administrator can delete arbitrary system file

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8....

Microsoft Windows: Turn on PowerShell Script Block Logging

This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or throug...

SUSE-SU-2019:14005-1 Security update for ed

This update for ed fixes the following security issues: - CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. bsc1019807...

The vulnerability of D-Link and TRENDnet’s microprogrammed router services allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.

The vulnerability of D-Link and TRENDnet’s microprogrammed router software services is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...

CVE-2017-9647

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 PMB 8876 chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015...

CVE-2017-3743

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility ASU, UpdateXpress System Pack Installer UXSPI or Dynamic System Analysis DSA to a second machine, the other users may be able to see the user ID...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

StrutsShell Apache Struts CVE-2017-5638 Shell Introducti...

CVE-2017-3806

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known...