292 matches found
CVE-2021-20677
UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted...
CVE-2021-1423
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...
CVE-2021-1370
A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker...
Cisco IOS and IOS XE Input Validation Error Vulnerability (CNVD-2020-31827)
Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. An input validation error vulnerability exists in the Tool Command Language (Tcl) parser in Cisco IOS Software and Cisco IOS XE Software, which stems from a lack of validation of input data. An attacker...
CVE-2020-4271
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-Force ID: 175897...
CVE-2017-18648
An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017)...
A vulnerability in the Windows Defender Security Center application for Windows operating systems allows attackers to escalate their privileges.
A vulnerability in the Windows Defender Security Center application for Windows operating systems is related to incorrect handling of objects in memory. Exploiting this vulnerability can allow an attacker to escalate their privileges by executing a specially crafted command...
An integer overflow vulnerability in the qmp_guest_file_read function in the QEMU hardware emulation software allows an attacker to cause a service failure.
A vulnerability in the qmp_guest_file_read function in the QEMU hardware emulation software is related to integer overflow. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted QMP agent command through the listening socket...
CVE-2020-4210
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175020...
USN-4219-1 libssh vulnerability
It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server...
CVE-2019-5038
An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave...
Nest Labs Openweave-core Weave Tool Code Execution Vulnerability
Openweave-core is a home LAN application stack for asynchronous, symmetric, device-to-device and device-to-cloud communication for control path and data path messaging. A code execution vulnerability in the print-tlv command of the Weave tool in Nest Labs Openweave-core version 4.0.2 can be...
CVE-2019-2299
CVE-2019-2299 is an out-of-bounds write vulnerability triggered by a specially crafted command from a userspace application. The Red Hat advisory and CVE listings confirm the issue affects Qualcomm Snapdragon platforms (e.g., IPQ4019, IPQ8064, IPQ8074, MDM9xxx, MSM8xxx, QCA7xxx, SDx families) and...
Command injection
DISPUTED: The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue...
Design/Logic Flaw
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The...
CVE-2019-1730 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...
A vulnerability in the Bash shell implementation of the Cisco NX-OS network operating system allows an attacker to elevate their privileges to the root level.
A vulnerability in the Bash shell implementation of the Cisco NX-OS network operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to elevate their privileges to root by entering a specially crafted command in the Bash command...
CVE-2019-1593
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to th...