28 matches found

OSV
added 2022/08/08 3:15 p.m. 4 views

CVE-2022-36265

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

CVSS 7.2 | AI score 7.2 | EPSS 0.0106
Exploits: 1 | References: 2

ATTACKERKB
added 2022/07/20 4:0 p.m. 3 views

CVE-2022-20897

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVSS 7.2 | AI score 7.5 | EPSS 0.00876
Exploits: 0 | References: 2

OSV
added 2021/10/27 7:15 p.m. 5 views

CVE-2021-34755

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory...

CVSS 7.8 | AI score 7.3 | EPSS 0.00262
Exploits: 0 | References: 1

OSV
added 2021/04/08 4:15 a.m. 2 views

CVE-2021-1485

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of...

CVSS 7.8 | AI score 7.3 | EPSS 0.00322
Exploits: 0 | References: 1

OSV
added 2020/12/16 2:15 p.m. 5 views

CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root, i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

CVSS 8.8 | AI score 7.4 | EPSS 0.02647
Exploits: 0 | References: 3

CNNVD
added 2020/12/15 12:0 a.m. 7 views

Multiple D-Link Router Products Input Validation Error Vulnerability

The D-link DSR-250, among others, is a Unified Services router from China-based AUO D-link. An input validation error vulnerability exists in D-Link DSR VPN routers with firmware 3.14 and 3.17, which stems from a lack of input validation and access control, and could lead to arbitrary input being...

CVSS 8.8 | AI score 7.4 | EPSS 0.02044
Exploits: 0 | References: 4

OSV
added 2018/02/22 10:29 p.m. 2 views

CVE-2018-0015

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is...

CVSS 7.5 | AI score 5.7 | EPSS 0.01074
Exploits: 0 | References: 1

RedHat Linux
added 2015/07/07 8:39 a.m. 8 views

abrt: default abrt event scripts lead to information disclosure

It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged use...

CVSS 5.5 | AI score 5.8 | EPSS 0.00424
Exploits: 0 | References: 4