443 matches found
VulnCheck KEV: CVE-2021-45837
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...
Medium: cups
Issue Overview: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary...
Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2024-660)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-660 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointi...
CVE-2024-20399
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...
DEBIAN-CVE-2024-35235
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
ALPINE-CVE-2024-35235
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
CVE-2024-35235
CVE-2024-35235 affects OpenPrinting CUPS. A cupsd Listen directive that uses a symlink can trigger an arbitrary chmod on the argument, giving world-writable access to the target and, on some configurations (e.g., Ubuntu AppArmor), potentially full root command execution via cups-files.conf User/G...
CVE-2024-34338
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...
CVE-2024-20358
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level...
The vulnerability of the svc_nas utility in the operating system for managing and maintaining data storage in the Dell Unity Operating Environment allows a malicious actor to execute arbitrary commands with root privileges.
The vulnerability of the svc_nas utility in the operating system for managing and maintaining data storage in the Dell Unity Operating Environment exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability can allo...
PT-2024-22203
Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...
NEC Aterm Security Vulnerability
The NEC Aterm is a series of wireless routers from Nippon Electric (NEC). A security vulnerability exists in NEC Aterm that allows an attacker to execute arbitrary operating system commands with root privileges over the Internet. The following products are affected: WG1800HP4,...
PT-2024-22212
Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...
CVE-2024-26294
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2024-22228
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges...
PT-2024-2899 · Dell · Dell Unity
Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.4. Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the svc_oscheck utility of Dell Unity's microcode. This allows an authenticated...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149. An attacker can exploit this vulnerability to execute arbitrary commands in a root user environment...
The vulnerability in the Web interface of the Cisco Unity Connection system allows a perpetrator to execute arbitrary commands with root privileges.
The vulnerability of the Cisco Unity Connection messaging system’s web management interface is related to the lack of authentication in the application programming interface. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges by loading...
Peplink Balance Security Breach
Peplink Balance is a router from Peplink. A security vulnerability exists in Peplink Balance Two versions prior to 8.4.0, which stems from the use of hard-coded credentials for Console port authentication, allowing an attacker to execute arbitrary commands as root...
CVE-2023-36650
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...