
7988 matches found

CVE
added 2019/11/22 12:0 a.m. · 298 views

CVE-2019-10206

CVE-2019-10206 affects Ansible (various branches): 2.6.x pre-2.6.19, 2.7.x pre-2.7.13, 2.8.x pre-2.8.4. The flaw arises when prompting passwords by expanding templates, which could reveal passwords via templates/logs. Impact per sources includes potential exposure of credentials (confidentiality)...

CVSS 6.5 · AI score 6.6 · EPSS 0.00319
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2019/11/19 12:0 a.m. · 7 views

PT-2019-5737 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.2.3 and below; FortiAnalyzer versions 6.2.3 and below. Description: The issue is related to the use of a hard-coded cryptographic key in the CLI configuration of FortiManager and FortiAnalyzer, which may allow an attacke...

CVSS 7.8 · AI score 7.2 · EPSS 0.01022
Exploits 1 · References 6

Prion
added 2019/11/14 9:15 p.m. · 20 views

Memory corruption

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...

CVSS 5 · AI score 7.6 · EPSS 0.00241
Exploits 1 · References 2 · Affected Software 9

Cvelist
added 2019/11/14 8:15 p.m. · 18 views

CVE-2019-15804

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...

AI score 7.6 · EPSS 0.00241
Exploits 1 · References 2

CVE
added 2019/11/14 8:15 p.m. · 92 views

CVE-2019-15804

CVE-2019-15804 affects Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending SIGQUIT to the CLI process (e.g., CTRL+\ via SSH), an undocumented menu can be triggered, exposing a "Password recovery for specific user" option. Access control blocks the menu, but it is believed to be r...

CVSS 7.5 · AI score 7.5 · EPSS 0.00241
Exploits 1 · References 2 · Affected Software 1

Tenable Nessus
added 2019/11/14 12:0 a.m. · 24 views

Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1790)

According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to certain CLI commands on an affected device. An authenticated, local attacker can exploit this to execute arbitrary commands on the...

CVSS 7.2 · AI score 7 · EPSS 0.00107
Exploits 0 · References 7

Fortinet
added 2019/11/14 12:0 a.m. · 20 views

Protect

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaintext private keys of system's built-in local certificates via unsetting the keys encryption password or for user uploaded local certificates via setting an empty password. Note that backed up...

CVSS 2.1 · AI score 5.3 · EPSS 0.00034
Exploits 0 · Affected Software 2

Tenable Nessus
added 2019/11/14 12:0 a.m. · 19 views

Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1776)

According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to a specific CLI command on an affected device. An authenticated, local attacker can exploit this to execute arbitrary commands on the...

CVSS 7.2 · AI score 7 · EPSS 0.00107
Exploits 0 · References 8

Tenable Nessus
added 2019/11/14 12:0 a.m. · 24 views

Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1770)

According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to a specific CLI command. An authenticated, local attacker can exploit these vulnerabilities by including malicious input as the argume...

CVSS 7.2 · AI score 5.7 · EPSS 0.00033
Exploits 0 · References 9

Tenable Nessus
added 2019/11/14 12:0 a.m. · 20 views

Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1783)

According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to a specific CLI command on an affected device. An authenticated, local attacker can exploit this to execute arbitrary commands on the...

CVSS 7.2 · AI score 7 · EPSS 0.00079
Exploits 0 · References 4

Tenable Nessus
added 2019/11/13 12:0 a.m. · 34 views

Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1735)

According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to certain CLI commands on an affected device. An authenticated, local attacker can exploit this to execute arbitrary commands on the...

CVSS 7.8 · AI score 6.3 · EPSS 0.00095
Exploits 0 · References 10

Tenable Nessus
added 2019/11/12 12:0 a.m. · 26 views

Cisco NX-OS Software Command Injection (CVE-2019-1784)

According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to a specific CLI command on an affected device. An unauthenticated, local attacker can exploit this to execute arbitrary commands on th...

CVSS 7.2 · AI score 7 · EPSS 0.00107
Exploits 0 · References 5

Tenable Nessus
added 2019/11/07 12:0 a.m. · 26 views

SUSE SLED15 / SLES15 Security Update : gdb (SUSE-SU-2019:2902-1)

This update for gdb fixes the following issues : Update to gdb 8.3.1: jscECO-368 Security issues fixed : CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. bsc1142772 Upgrade libipt from v2.0 to v2.0.1. Enable librpm for version librpm.so.3...

CVSS 7.8 · AI score 6.9 · EPSS 0.00288
Exploits 1 · References 6

Tenable Nessus
added 2019/11/07 12:0 a.m. · 25 views

Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability (cisco-sa-20191016-tele-ce-cmdinj)

According to its self-reported version, the Cisco TelePresence Collaboration Endpoint CE Cisco TelePresence Software is affected by a command injection vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this by authenticating as an...

CVSS 7.2 · AI score 6.8 · EPSS 0.00288
Exploits 0 · References 3

Cisco
added 2019/11/06 4:0 p.m. · 63 views

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE, Cisco TelePresence Codec TC, and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...

CVSS 8.8 · AI score 2.2 · EPSS 0.00711
Exploits 0 · References 1

Cisco
added 2019/11/06 4:0 p.m. · 54 views

Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 4.4 · AI score 1.9 · EPSS 0.00152
Exploits 0 · References 1

NVD
added 2019/11/05 8:15 p.m. · 14 views

CVE-2019-1734

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

CVSS 5.5 · AI score 5.4 · EPSS 0.002
Exploits 0 · References 1

Prion
added 2019/11/05 8:15 p.m. · 19 views

Design/Logic Flaw

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

CVSS 2.1 · AI score 5.5 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 2

CVE
added 2019/11/05 7:15 p.m. · 68 views

CVE-2019-1734

CVE-2019-1734 affects Cisco FXOS and NX-OS Software. Root cause: incomplete RBAC verification in a CLI diagnostic command, allowing an authenticated, local attacker to arbitrarily read sensitive files with valid credentials. Impact: information disclosure; no exploitation details provided beyond ...

CVSS 5.5 · AI score 5.4 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 1

Kitploit
added 2019/11/01 12:0 p.m. · 73 views

AtomShields Cli - Security Testing Framework For Repositories And Source Code

AtomShields Cli is a command-line interface for the AtomShields software. Installation: pip install atomshieldscli. Basic usage: ascli --target --name. The allowed action values are: install: to install a checker or a report, depending on the context set; uninstall: to uninstall a checker or a...

AI score 7.2
Exploits 0 · References 2