1774 matches found

CNVD
added 2020/05/18 12:0 a.m. | 1 views

logkitty npm package code injection vulnerability

The logkitty npm package is a package for displaying Android and iOS logs. A code injection vulnerability in logkitty npm package versions prior to 0.7.1, which stems from the program's lack of output cleanup, can be exploited by an attacker to execute arbitrary shell commands...

CVSS 9.8 | AI score 7.8 | EPSS 0.02036
Exploits: 1 | References: 1

CVE
added 2020/05/15 6:50 p.m. | 115 views

CVE-2020-8149

The CVE-2020-8149 issue affects the logkitty npm package prior to version 0.7.1. Root cause: lack of output sanitization leads to code injection where an attacker can cause arbitrary shell commands to be executed. Impact: remote code execution via logkitty when processing log output, enabling att...

CVSS 9.8 | AI score 9.7 | EPSS 0.02036
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/05/15 6:50 p.m. | 10 views

CVE-2020-8149

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

AI score 9.9 | EPSS 0.02036
Exploits: 1 | References: 1

NVD
added 2020/05/14 5:15 p.m. | 14 views

CVE-2019-17562

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

CVSS 9.8 | AI score 9.7 | EPSS 0.01905
Exploits: 1 | References: 1

OSV
added 2020/05/14 5:15 p.m. | 16 views

CVE-2019-17562

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

CVSS 9.8 | AI score 7.4
Exploits: 0 | References: 1

Prion
added 2020/05/14 5:15 p.m. | 14 views

Buffer overflow

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

CVSS 7.5 | AI score 9.5 | EPSS 0.01905
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2020/05/13 7:15 p.m. | 11 views

CVE-2020-2014

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...

CVSS 9 | AI score 9.1 | EPSS 0.04913
Exploits: 0 | References: 1

Veracode
added 2020/05/10 11:25 p.m. | 36 views

Privilege Escalation

subversion is vulnerable to privilege escalation. The vulnerability exists as a maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicio...

CVSS 9.8 | AI score 1.6 | EPSS 0.67275
Exploits: 3 | References: 15 | Affected Software: 1

CNVD
added 2020/04/29 12:0 a.m. | 3 views

Opmantek Open-AudIT Injection Vulnerability

Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. Opmantek Open-AudIT suffers from an injection vulnerability. An attacker can exploit this vulnerability to inje...

CVSS 9 | AI score 7.6 | EPSS 0.63674
Exploits: 3 | References: 1

CVE
added 2020/04/24 12:54 p.m. | 52 views

CVE-2020-5868

CVE-2020-5868 is a remote command execution vulnerability in F5 BIG‑IQ Centralized Management that leverages the Grafana component. Affected versions include BIG-IQ Centralized Management 6.0.0–6.1.0 and 7.x (e.g., 7.0.x); exploitation could allow a remote attacker to run local shell commands via...

CVSS 10 | AI score 9.6 | EPSS 0.03878
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/04/17 1:36 p.m. | 9 views

CVE-2019-20773

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...

AI score 7.9 | EPSS 0.00014
Exploits: 0 | References: 1

Tenable Nessus
added 2020/04/16 12:0 a.m. | 29 views

EulerOS Virtualization 3.0.2.2 : patch (EulerOS-SA-2020-1446)

According to the versions of the patch package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. (CVE-2018-6952) - Directory traversal...

CVSS 9.3 | AI score 6.9 | EPSS 0.11805
Exploits: 2 | References: 8

OpenVAS
added 2020/04/16 12:0 a.m. | 34 views

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2020-1446)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 7.4 | EPSS 0.11805
Exploits: 2 | References: 2

Veracode
added 2020/04/10 12:23 a.m. | 25 views

Arbitrary Command Execution

redhat-ds-admin is vulnerable to arbitrary command execution. The vulnerability exists as a shell command injection flaw was discovered in the Red Hat Administration Server replication monitor CGI script used by Red Hat Directory Server 8.0. An attacker with access to the replication monitor web...

CVSS 9 | AI score 2.4 | EPSS 0.0342
Exploits: 1 | References: 15 | Affected Software: 1

Hacker One
added 2020/04/04 11:6 p.m. | 10 views

Valve: Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of item_image_small and item_image_large

Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of item_image_small and item_image_large. Shell injection was achieved on a publishing gateway through metacharacter injection in an item-upload path...

AI score 7.7
Exploits: 0

OSV
added 2020/04/02 5:15 p.m. | 0 views

UBUNTU-CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

CVSS 7.8 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 3

Vulnrichment
added 2020/03/23 7:31 p.m. | 7 views

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

AI score 10 | EPSS 0.92735
Exploits: 8 | References: 3

Tenable Nessus
added 2020/03/19 12:0 a.m. | 22 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.13 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.13. It is, therefore, affected by a vulnerability. - A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This...

CVSS 7.8 | AI score 7.5 | EPSS 0.0027
Exploits: 0 | References: 3

Tenable Nessus
added 2020/03/13 12:0 a.m. | 38 views

EulerOS Virtualization for ARM 64 3.0.2.0 : patch (EulerOS-SA-2020-1225)

According to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line in pch.c can possibly lead t...

CVSS 9.3 | AI score 6.8 | EPSS 0.0205
Exploits: 2 | References: 6

OpenVAS
added 2020/03/13 12:0 a.m. | 58 views

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2020-1225)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 7.3 | EPSS 0.0205
Exploits: 2 | References: 2