CVE-2020-8178
Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
CVE-2020-8178
Summary: CVE-2020-8178 concerns the npm package jison (versions
OS Command Injection
standard-version is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the system due to passing of untrusted user input without validation through the exec function...
Input validation
Similar to CVE-2020-1956, Kylin has one more RESTful API that concatenates the API inputs into OS commands and then executes them on the server; the reported API lacks the necessary input validation, which allows attackers to execute OS commands remotely. Users of all...
CVE-2020-13925
Similar to CVE-2020-1956, Kylin has one more RESTful API that concatenates the API inputs into OS commands and then executes them on the server; the reported API lacks the necessary input validation, which allows attackers to execute OS commands remotely. Users of all...
CVE-2020-13925
CVE-2020-13925 is a Kylin REST API command injection issue affecting 2.3.x through 3.1.0. The root cause is REST endpoints concatenating user input into OS commands, enabling remote command execution on vulnerable servers. The CVE is linked to CVE-2020-1956 disclosures describing similar REST‑bas...
Palo Alto Networks PAN-OS OS Command Injection Vulnerability
PAN-OS is an operating system designed specifically for the security and control of Palo Alto Networks firewalls, with a rich set of firewall, management and network features. An OS command injection vulnerability exists in the GlobalProtect portal of PAN-OS. An attacker can exploit this...
Command injection
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue cannot be exploited if...
CVE-2020-2034
Summary of CVE-2020-2034: There is an OS command injection vulnerability in the PAN-OS GlobalProtect portal that allows an unauthenticated, network-based attacker to run arbitrary commands with root privileges, provided the GlobalProtect portal feature is enabled. Affected PAN-OS versions includ...
CVE-2020-2034 PAN-OS: OS command injection vulnerability in GlobalProtect portal
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue cannot be exploited if...
CVE-2020-2030
CVE-2020-2030 is a PAN-OS OS command injection vulnerability in the management interface. The issue affects PAN-OS 7.1.x and 8.x before 8.1.15; PAN-OS 8.1.15+ and PAN-OS 9.0/9.1, as well as Prisma Access, are not affected. The vulnerability allows an authenticated administrator to execute arbitra...
PAN-OS: OS command injection vulnerability in GlobalProtect portal
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker would require some level of specific information about the configuration of an impacted firewall or perform...
CVE-2020-5352
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system...
CVE-2020-5352
Dell EMC Data Protection Advisor (DPA) versions 6.4, 6.5 and 18.1 are affected by an OS command injection vulnerability (CVE-2020-5352). A remote authenticated attacker can execute arbitrary commands on the affected system. The issue is confirmed across multiple feeds (NVD entry and Nessus plugin...
Exploit for OS Command Injection in Factorfx Open_Computer_Software_Inventory_Next_Generation
CVE-2020-14947 The offici...
OS Command Injection
locutus is vulnerable to arbitrary code execution. The PHP function escapeshellarg can be bypassed when used in Locutus, which would allow an attacker to inject and execute arbitrary commands via shell arguments...
OS Command Injection
mversion is vulnerable to OS Command Injection. The vulnerability exists as the value of tagName in lib/git.js is passed to cp.exec without validation or sanitization, allowing an attacker to inject and execute arbitrary code...
Amazon Linux AMI : rubygem-rake (ALAS-2020-1384)
It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1384 advisory. There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |. (CVE-2020-8130) Tenable has extracted the preceding...