361 matches found

Cvelist
added 2023/06/13 8:41 a.m., 15 views

CVE-2023-28000

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...

CVSS 6.7, AI score 7.9, EPSS 0.00095
Exploits: 0, References: 1

Cvelist
added 2023/04/24 12:0 a.m., 25 views

CVE-2023-27991

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...

CVSS 8.8, AI score 9.1, EPSS 0.01773
Exploits: 0, References: 1

OSV
added 2023/04/05 3:15 p.m., 1 views

CVE-2023-20021

Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...

CVSS 6.7, AI score 6.7, EPSS 0.0031
Exploits: 0, References: 1

IBM Security Bulletins
added 2023/03/29 1:48 a.m., 45 views

Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)

Summary Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family CVE-2011-3389 Vulnerability Details Security Bulletin --- Summary --- SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the...

CVSS 4.3, AI score 7.5, EPSS 0.03832
Exploits: 4

NVD
added 2023/03/13 2:15 p.m., 12 views

CVE-2023-0978

A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to...

CVSS 6.7, AI score 6.8, EPSS 0.00348
Exploits: 0, References: 1

Fortinet
added 2023/02/16 12:0 a.m., 33 views

FortiWeb - Buffer overflow in execute backup-local command

A stack-based buffer overflow vulnerability CWE-121 in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show operations...

CVSS 5.8, AI score 7.6, EPSS 0.01145
Exploits: 0, Affected Software: 1

Cvelist
added 2023/02/07 12:0 a.m., 26 views

CVE-2022-38547

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which...

CVSS 7.2, AI score 7.3, EPSS 0.01466
Exploits: 0, References: 1

ATTACKERKB
added 2023/02/01 4:0 p.m., 1 views

CVE-2023-20023

Multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...

CVSS 6.7, AI score 6, EPSS 0.0031
Exploits: 0, References: 2

Prion
added 2023/01/13 12:15 a.m., 16 views

Design/Logic Flaw

An Uncontrolled Resource Consumption vulnerability in the PFE management daemon evo-pfemand of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service DoS. When a specific SNMP GET operation or a specific CLI command...

CVSS 5, AI score 7.6, EPSS 0.00541
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/01/12 12:0 a.m., 58 views

CVE-2023-22400

CVE-2023-22400 affects Juniper Networks Junos OS Evolved (evo-pfemand) and can cause an FPC crash/DoS due to a GUID leak triggered by specific SNMP GETs or CLI commands. Affected families include all versions before 20.4R3-S3-EVO; 21.1-EVO (21.1R1-EVO and later); all versions before 21.2R3-S4-EVO...

CVSS 7.5, AI score 7.6, EPSS 0.00541
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/01/12 12:0 a.m., 5 views

CVE-2023-22400 Junos OS Evolved: A specific SNMP GET operation and a specific CLI commands cause resources to leak and eventually the evo-pfemand process will crash

An Uncontrolled Resource Consumption vulnerability in the PFE management daemon evo-pfemand of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service DoS. When a specific SNMP GET operation or a specific CLI command...

CVSS 7.5, AI score 7.7, EPSS 0.00541
Exploits: 0, References: 1

RedHat Linux
added 2022/11/23 5:59 p.m., 5 views

Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.9.52 packages update

Red Hat OpenShift Container Platform release 4.9.52 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...

CVSS 8.1, AI score 6.4, EPSS 0.43618
Exploits: 0, References: 1

Vulnrichment
added 2022/10/28 9:30 a.m., 7 views

CVE-2022-3320 Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled...

CVSS 6.7, AI score 9.6, EPSS 0.00146
Exploits: 0, References: 1

Vulnrichment
added 2022/10/28 9:22 a.m., 4 views

CVE-2022-3512 Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint...

CVSS 6.7, AI score 6.9, EPSS 0.00169
Exploits: 0, References: 1

Vulnrichment
added 2022/10/18 2:46 a.m., 5 views

CVE-2022-22240 Junos OS and Junos OS Evolved: An rpd memory leak might be observed while running a specific cli command in a RIB sharding scenario

An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Service Do...

CVSS 5.5, AI score 5.6, EPSS 0.00056
Exploits: 0, References: 1

RedHat Linux
added 2022/09/12 12:17 p.m., 36 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.48 extras security update

Red Hat OpenShift Container Platform release 4.9.48 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 7.5, AI score 7, EPSS 0.00053
Exploits: 0, References: 3

RedHat Linux
added 2022/09/07 8:47 p.m., 54 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.3 packages and security update

Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

CVSS 7.5, AI score 7, EPSS 0.00053
Exploits: 0, References: 37

NVD
added 2022/07/22 4:15 a.m., 9 views

CVE-2022-20906

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...

CVSS 6.7, EPSS 0.00022
Exploits: 0, References: 1

NVD
added 2022/07/22 4:15 a.m., 12 views

CVE-2022-20907

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...

CVSS 6.7, EPSS 0.00022
Exploits: 0, References: 1

NVD
added 2022/07/22 4:15 a.m., 9 views

CVE-2022-20908

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...

CVSS 6.7, EPSS 0.00026
Exploits: 0, References: 1