Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2574)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VulnCheck KEV: CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

EulerOS 2.0 SP9 : cups (EulerOS-SA-2024-2384)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the...

EulerOS 2.0 SP10 : cups (EulerOS-SA-2024-2409)

According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the...

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2384)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHOENIX CONTACT FL/TC MGUARD 操作系统命令注入漏洞

The PHOENIX CONTACT FL/TC MGUARD is a series of routers from PHOENIX CONTACT, Germany. An operating system command injection vulnerability exists in the PHOENIX CONTACT FL/TC MGUARD, which arises from improper neutralization of specific elements of user data, allowing a low-privileged remote...

PT-2024-30545 · Mguard · Mguard

Name of the Vulnerable Software and Affected Versions: mGuard devices affected versions not specified Description: A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY HTTP PORT. This...

The vulnerability of the web interface of the microprogramming software for Cisco Small Business SPA300 and SPA500 allows a perpetrator to execute arbitrary commands in the basic operating system.

The vulnerability of the web interface of Cisco Small Business SPA300 and SPA500 microprogramming software lies in the copying of input data into memory without checking its size. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands on the basic...

SUSE CVE-1999-0163

In older versions of Sendmail, an attacker could use a pipe character to execute root commands...

PT-2024-38051 · Unknown · Nimble Commander

Name of the Vulnerable Software and Affected Versions: Nimble Commander affected versions not specified Description: The issue arises from the server's improper validation of a client's authorization, specifically in the info.filesmanager.Files.PrivilegedIOHelperV2 component. This allows for the...

VulnCheck KEV: CVE-2021-45837

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...

Medium: cups

Issue Overview: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary...

Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2024-660)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-660 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointi...

CVE-2024-20399

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...

DEBIAN-CVE-2024-35235

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...

ALPINE-CVE-2024-35235

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...

CVE-2024-35235

CVE-2024-35235 affects OpenPrinting CUPS. Affects cupsd Listen directives using a symlink can trigger arbitrary chmod on the argument, giving world-writable access to the target and, on some configurations (e.g., Ubuntu AppArmor), potentially full root command execution via cups-files.conf User/G...

CVE-2024-34338

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...

CVE-2024-20358

A vulnerability in the Cisco Adaptive Security Appliance ASA restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level...

The vulnerability of the svc_nas utility in the operating system for managing and maintaining data storage in the Dell Unity Operating Environment allows a malicious actor to execute arbitrary commands with root privileges.

The vulnerability of the svcnas utility in the operating system for managing and maintaining data storage in the Dell Unity Operating Environment exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability can allo...