22 matches found
EUVD-2023-0909
Malicious code in bioql PyPI...
nigrelliloculiprefabbricati.it Improper Access Control vulnerability OBB-3841754
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Context Propagation with Project Reactor 3 - Unified Bridging between Reactive and Imperative
This post is a part of a series: 1. The Basics; 2. The bumpy road of Spring Cloud Sleuth; 3. Unified Bridging between Reactive and Imperative. We concluded the last article with the thought that Spring Cloud Sleuth’s MANUAL context propagation strategy is both performant and provides correct...
GHSA-6Q8M-42QQ-64R7 Imperative CLI vulnerable to Command Injection
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
@broadcom/mat-analyze-for-zowe-cli (=2.0.1), @broadcom/test4z (=2.0.0) +4 more potentially affected by CVE-2021-4326 via @zowe/imperative (>=5.0.0 <=5.7.0)
@zowe/imperative NPM version =5.0.0, =1.0.0, =2.0.2, =7.0.0, =2.0.0, =3.0.0-next.202311171754 Source cves: CVE-2021-4326 Source advisory: OSV:GHSA-6Q8M-42QQ-64R7...
@ibm/rse-api-for-zowe-cli (=2.0.0), @zowe/cli (>=6.25.0 <=6.39.0) +1 more potentially affected by CVE-2021-4326 via @zowe/imperative (>=4.10.0 <=4.18.1)
@zowe/imperative NPM version =4.10.0, =6.25.0, =1.18.1, =1.22.0 Source cves: CVE-2021-4326 Source advisory: OSV:GHSA-6Q8M-42QQ-64R7...
Imperative CLI vulnerable to Command Injection
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
Design/Logic Flaw
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
Imperative Command Injection Vulnerability
Imperative is an open source command processing system from Zowe. Imperative has a security vulnerability that stems from the presence of a command execution vulnerability...
CVE-2021-4326 Imperative Local Command Injection allows Activity Masking
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
CVE-2021-4326 affects the Imperative framework used by Zowe CLI. Root cause: insecure usage of execSync and handling of environment variables enables a local, already-privileged actor to run arbitrary shell commands via plugin install/update commands or via maliciously formed environment variable...
PT-2023-12422 · Zowe Cli +1
Name of the Vulnerable Software and Affected Versions: Imperative framework (affected versions not specified); Zowe CLI (affected versions not specified). Description: A vulnerability in the Imperative framework allows already-privileged local actors to execute arbitrary shell commands via plugin...
Fedora: Security Advisory for squirrel (FEDORA-2022-e81c0db364)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Afternoon Cyber Tea: Cybersecurity has become a pillar of the business
In a famous two-part episode of “Star Trek: The Next Generation,” Captain Jean-Luc Picard is captured by the Cardassians. During a pivotal scene, a Cardassian interrogator shows Picard four bright lights and demands that he “see” five lights. Picard resists, culminating with him shouting, “There...
Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet
The accelerated rate of digital transformation we have seen this past year presents both challenges and endless opportunities for individuals, organizations, businesses, and governments around the world. Cybersecurity is the underpinning of helping protect these opportunities. By examining the...
Understanding influences shaping the cybersecurity landscape, enabling digital transformation, and helping to protect our planet
The accelerated rate of digital transformation we have seen this past year presents both challenges and endless opportunities for individuals, organizations, businesses, and governments around the world. Cybersecurity is the underpinning of helping protect these opportunities. By examining the...
CVE-2020-5796
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges...