A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system.
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself.
A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.
A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged.
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation. Note: This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.
Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.
All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. **Note:** To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
DeepSpeed Remote Code Execution Vulnerability
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges.
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600.
A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter.
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user.
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4.
A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized.