Lucene search
K

105 matches found

Snyk
Snyk
added 2025/10/30 3:2 p.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the enforcer that uses environment variables without sanitation. An attacker can execute arbitrary commands or cause a buffer overflow by supplying crafted input to the affected component. Remediation Upgrade...

9.9CVSS8.3AI score0.0043EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 3:2 p.m.2 views

GO-2025-4042 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector

NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

9.9CVSS7.5AI score0.0043EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 10:15 a.m.5 views

CVE-2025-54469

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS0.0043EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:41 a.m.40 views

CVE-2025-54469

NeuVector Enforcer is vulnerable to command injection due to unsanitized use of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to compose shell commands via popen. Connected sources (GO-2025-4042, NVD/OSV entries) confirm the issue and potential impact (command injection; buffer over...

9.9CVSS6.8AI score0.0043EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:41 a.m.19 views

CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS0.0043EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/30 9:41 a.m.6 views

EUVD-2025-35221

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS6.7AI score0.0043EPSS
Exploits0References4
OSV
OSV
added 2025/10/30 9:41 a.m.1 views

CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS7.2AI score0.0043EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.8 views

NeuVector 操作系统命令注入漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control, and container process/filesystem protection. NeuVector suffers from an operating system command injection vulnerability that stems...

9.9CVSS7.2AI score0.0043EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/10/22 11:24 p.m.4 views

SUSE CVE-2025-54469

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS7.5AI score0.0043EPSS
Exploits0References4
OSV
OSV
added 2025/10/21 8:25 p.m.4 views

GHSA-C8G6-QRWH-M3VP NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

Impact A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the...

9.9CVSS7.5AI score0.0043EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/21 12:0 a.m.4 views

PT-2025-43268

Name of the Vulnerable Software and Affected Versions NeuVector versions prior to 5.4.7 Description A critical issue exists in NeuVector where the enforcer component improperly handles environment variables CLUSTER RPC PORT and CLUSTER LAN PORT. These variables are used to construct shell command...

9.9CVSS6.8AI score0.00933EPSS
Exploits0References94
EUVD
EUVD
added 2025/10/09 6:30 p.m.5 views

EUVD-2025-33403

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5CVSS6.3AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 4:15 p.m.10 views

CVE-2025-11198

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5CVSS5.8AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 4:15 p.m.7 views

CVE-2025-11198

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5CVSS0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/09 3:39 p.m.3 views

CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5CVSS6.4AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 3:39 p.m.11 views

CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...

8.5CVSS0.00255EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 3:39 p.m.62 views

CVE-2025-11198

CVE-2025-11198 describes a Missing Authentication for Critical Function in Juniper Networks Security Director Policy Enforcer. An unauthenticated, network-based attacker can cause deployment of malicious vSRX images by replacing legitimate images when a trusted user initiates deployment; the atta...

8.5CVSS6.4AI score0.00255EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.8 views

PT-2025-41398

Name of the Vulnerable Software and Affected Versions Juniper Networks Security Director Policy Enforcer versions prior to 23.1R1 Hotpatch v3 Description A missing authentication check for a critical function in Juniper Networks Security Director Policy Enforcer allows an unauthenticated,...

8.5CVSS6.8AI score0.00255EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.5 views

Juniper Security Director Policy Enforcer 访问控制错误漏洞

Juniper Security Director Policy Enforcer is a Juniper module that enables centralized issuance of security policies and automation of threat response. An access control error vulnerability exists in Juniper Security Director Policy Enforcer versions prior to 23.1R1 Hotpatch v3, which stems from ...

8.5CVSS6.8AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-0592

Malware in sbrugna...

7.5CVSS6.4AI score0.01635EPSS
Exploits0References5
Rows per page
Query Builder