105 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the enforcer that uses environment variables without sanitation. An attacker can execute arbitrary commands or cause a buffer overflow by supplying crafted input to the affected component. Remediation Upgrade...
GO-2025-4042 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-54469
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...
CVE-2025-54469
NeuVector Enforcer is vulnerable to command injection due to unsanitized use of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to compose shell commands via popen. Connected sources (GO-2025-4042, NVD/OSV entries) confirm the issue and potential impact (command injection; buffer over...
CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...
EUVD-2025-35221
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...
CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...
NeuVector 操作系统命令注入漏洞
NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control, and container process/filesystem protection. NeuVector suffers from an operating system command injection vulnerability that stems...
SUSE CVE-2025-54469
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...
GHSA-C8G6-QRWH-M3VP NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow
Impact A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the...
PT-2025-43268
Name of the Vulnerable Software and Affected Versions NeuVector versions prior to 5.4.7 Description A critical issue exists in NeuVector where the enforcer component improperly handles environment variables CLUSTER RPC PORT and CLUSTER LAN PORT. These variables are used to construct shell command...
EUVD-2025-33403
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198
CVE-2025-11198 describes a Missing Authentication for Critical Function in Juniper Networks Security Director Policy Enforcer. An unauthenticated, network-based attacker can cause deployment of malicious vSRX images by replacing legitimate images when a trusted user initiates deployment; the atta...
PT-2025-41398
Name of the Vulnerable Software and Affected Versions Juniper Networks Security Director Policy Enforcer versions prior to 23.1R1 Hotpatch v3 Description A missing authentication check for a critical function in Juniper Networks Security Director Policy Enforcer allows an unauthenticated,...
Juniper Security Director Policy Enforcer 访问控制错误漏洞
Juniper Security Director Policy Enforcer is a Juniper module that enables centralized issuance of security policies and automation of threat response. An access control error vulnerability exists in Juniper Security Director Policy Enforcer versions prior to 23.1R1 Hotpatch v3, which stems from ...
EUVD-2004-0592
Malware in sbrugna...