
443 matches found

OSV
added 2020/01/15 9:15 a.m. | 2 views

CVE-2020-1609

A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved that is configured in relay mode is vulnerable to an attacker sending crafted IPv6 packets, who may then arbitrarily execute commands as root on the target device. This...

CVSS 8.8 | AI score 7.4 | EPSS 0.00203
Exploits 0 | References 2

OSV
added 2019/12/30 5:15 p.m. | 2 views

CVE-2019-17621

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network...

CVSS 9.8 | AI score 7.7 | EPSS 0.93009
Exploits 8 | References 8

CNVD
added 2019/12/02 12:0 a.m. | 1 view

Unspecified vulnerability in ezmaster

ezmaster is a tool for managing Docker applications and instances. A security vulnerability exists in ezmaster that can be exploited by an attacker to execute commands as the root user...

CVSS 9 | AI score 7.3 | EPSS 0.00285
Exploits 0 | References 1

Cvelist
added 2019/11/27 3:54 p.m. | 33 views

CVE-2017-12945

Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root...

AI score 9 | EPSS 0.25432
Exploits 5 | References 4

BDU FSTEC
added 2019/10/29 12:0 a.m. | 3 views

The vulnerability of the command-line interface (CLI) of the Cisco TelePresence Collaboration Endpoint (CE) software allows an attacker to execute arbitrary commands with root privileges.

The vulnerability of the command-line interface (CLI) of Cisco TelePresence Collaboration Endpoint (CE) software relates to privilege management errors. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...

CVSS 6.8 | AI score 5.9 | EPSS 0.00084
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2019/10/24 12:0 a.m. | 3 views

Cisco TelePresence Collaboration Endpoint Software Elevation of Privilege Vulnerability (CNVD-2019-37411)

Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint (CE) versions prior to 9.8.1 due to insufficient input validation. An attacker can exploit the vulnerability to execute commands with root privileges by...

CVSS 7.2 | AI score 7.3 | EPSS 0.00084
Exploits 0 | References 1

OSV
added 2019/10/14 2:46 p.m. | 2 views

USN-4154-1 sudo vulnerability

Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user...

CVSS 9 | AI score 7.3 | EPSS 0.85814
Exploits 10 | References 2

OSV
added 2019/10/11 8:15 p.m. | 3 views

CVE-2019-17509

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php...

CVSS 9.8 | AI score 7.6
Exploits 0 | References 1

BDU FSTEC
added 2019/10/09 12:0 a.m. | 2 views

The vulnerability of the multi-connection mode of the Microprogrammable Network Interface Device Firepower Threat Defense (FTD) allows an attacker to exit the container for their own instance of FTD and execute arbitrary commands with root privileges.

The vulnerability of the multi-connection mode of the Firepower Threat Defense (FTD) software relates to security configuration errors. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges from within the FTD instance...

CVSS 8.2 | AI score 5.9 | EPSS 0.00035
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2019/09/02 12:0 a.m. | 1 view

The vulnerability of the configuration utility in the Cisco IMC software for remote server management allows an attacker to execute arbitrary commands with root privileges or cause service interruptions.

The vulnerability of the configuration tool of the Cisco IMC software for remote server management by Cisco Integrated Management Controller arises from an operation that goes beyond the buffer limits in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

CVSS 9 | AI score 6.3 | EPSS 0.01265
Exploits 0 | References 2

CVE
added 2019/08/14 12:3 p.m. | 63 views

CVE-2019-15027

The CVE-2019-15027 issue affects the MediaTek Embedded Multimedia Card (eMMC) subsystem on Android devices with MT65xx, MT66xx, and MT8163 SoCs. The root cause is in clear_emmc_nomedia_entry (platform/mt6577/external/meta/emmc/meta_clr_emmc.c), which invokes system("/system/bin/rm -r /data/" + a ...

CVSS 10 | AI score 9.5 | EPSS 0.02356
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2019/08/14 12:3 p.m. | 16 views

CVE-2019-15027

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c...

AI score 9.6 | EPSS 0.02356
Exploits 1 | References 2

BDU FSTEC
added 2019/05/16 12:0 a.m. | 2 views

The vulnerability of the network operating system NX-OS for Cisco Nexus 9000 series routers, related to deficiencies in access control, allows a hacker to execute arbitrary operating system commands on behalf of the root user.

The vulnerability of the Cisco Nexus 9000 series network operating system routers is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary operating system commands on behalf of the root user by accessing the CLI of the vulnerable device...

CVSS 7.8 | AI score 7.5 | EPSS 0.00232
Exploits 0 | References 3

OSV
added 2019/05/15 8:29 p.m. | 2 views

CVE-2019-1783

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments...

CVSS 6.7 | AI score 6 | EPSS 0.00079
Exploits 0 | References 2

OSV
added 2019/04/23 4:29 p.m. | 1 view

DEBIAN-CVE-2019-7304

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1...

CVSS 9.8 | AI score 7.2 | EPSS 0.84555
Exploits 10 | References 1

OSV
added 2019/04/08 5:29 p.m. | 3 views

CVE-2019-11001

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field...

CVSS 7.2 | AI score 7.2 | EPSS 0.29427
Exploits 1 | References 3

OSV
added 2019/03/21 4:0 p.m. | 3 views

CVE-2018-20162

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...

CVSS 9.9 | AI score 6 | EPSS 0.03951
Exploits 3 | References 3

OSV
added 2019/03/11 9:29 p.m. | 3 views

CVE-2019-1614

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this...

CVSS 8.8 | AI score 7.5 | EPSS 0.01046
Exploits 0 | References 2

OSV
added 2019/02/01 9:29 a.m. | 2 views

CVE-2019-7300

Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldapadmin and ldappassword fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field...

CVSS 7.2 | AI score 7.4 | EPSS 0.02722
Exploits 1 | References 2

NVD
added 2018/12/21 6:29 p.m. | 16 views

CVE-2018-20342

The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges...

CVSS 7.2 | AI score 6.9 | EPSS 0.00058
Exploits 1 | References 3