SUSE CVE-2018-1111

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw...

The vulnerability of the Cisco IOx software platform arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on the operating system with root privileges.

The vulnerability of the Cisco IOx software platform exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands in the operating system with root privileges...

PT-2023-1277 · Cisco · Cisco Small Business Rv260 +4

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV160 and RV260 Series VPN Routers affected versions not specified Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W affected versions not specified Description: A vulnerability in the web-based management...

PT-2023-14413 · Linksys · Linksys Wumc710 Wireless-Ac Universal Media Connector

Name of the Vulnerable Software and Affected Versions: Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and earlier Description: An arbitrary code execution issue exists due to the do setNTP function within the httpd binary using unvalidated user input in the constructi...

CVE-2022-43538

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

PT-2023-14496 · Aruba · Aruba Edgeconnect Enterprise Orchestrator

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Orchestrator versions 9.2.1.40179 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.1.4.40436 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40110 and below Aruba EdgeConnect...

PT-2022-6068 · Veritas · Veritas Netbackup Appliance +1

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions through 10.1 Veritas NetBackup Appliance versions affected versions not specified Related Veritas products on Linux and UNIX versions affected versions not specified Description: The Java Admin Console in Veritas...

PT-2022-6017 · Cisco · Cisco Sd-Wan

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software affected versions not specified Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This issue is d...

Security Bulletin: SONAS Fix Available for Code Injection via Command Line Interface and SONAS Graphical User Interface (CVE-2012-2163)

Abstract SONAS has a vulnerability that allows SONAS administrative users to execute commands as root. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-2163 DESCRIPTION: An error in the command execution of the SONAS Command Line Interface and the SONAS Graphical User Interface could be leveraged ...

Vulnerabilities fixed in Cisco NX-OS and FXOS

Cisco has fixed vulnerabilities in NX-OS and FXOS for various Firepower, Nexus and UCS hardware. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or use command-injection to execute commands on the vulnerable system with root privileges. To exploit the...

CVE-2022-36310

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models...

The vulnerability of the UART console of the TP-Link TL-WR840N EU microprogramming software allows a hacker to execute arbitrary commands on behalf of the root user.

The vulnerability of the UART console of the TP-Link TL-WR840N EU router’s microprogramming software lies in the absence of authentication procedures. Exploiting this vulnerability allows a hacker to execute arbitrary commands on behalf of the root user...

Cisco Small Business 缓冲区错误漏洞

Cisco Small Business is a switch from Cisco USA. The Cisco Small Business router suffers from a buffer error vulnerability that originates from an authenticated, remote attacker utilizing its web-based management interface to insufficiently validate the user field in incoming HTTP packets. An...

CVE-2022-20890

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

CVE-2022-20828

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerabilit...

PT-2022-3059 · Cisco · Cisco Firepower Services Software For Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco FirePOWER Services Software for ASA affected versions not specified Description: The issue is related to improper handling of undefined command parameters in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA...

CVE-2022-30308

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

Festo Controller CECC-X-M1 操作系统命令注入漏洞

The Festo Controller CECC-X-M1 is a series of controller devices from Festo, Germany. An operating system command injection vulnerability exists in the Festo Controller CECC-X-M1. An attacker could use this vulnerability to execute system commands with root privileges...

CVE-2022-0997

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a...

CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by injecting a maliciously crafted input in the request through /tos/index.php?app/handapp...