CVE-2019-1966

Cisco UCS Fabric Interconnect vulnerability (CVE-2019-1966) allows local privilege escalation via the local-mgmt CLI. The issue arises from extraneous subcommand options on a specific command, enabling an authenticated, local attacker with valid credentials to execute arbitrary OS commands as roo...

CVE-2019-1966 Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability

A vulnerability in a specific CLI command within the local management local-mgmt context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...

Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability

A vulnerability in a specific CLI command within the local management local-mgmt context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...

CVE-2019-15714

cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations...

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1780)

According to its self-reported version, Cissco NX-OS Software is affected by a vulnerability that allows an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerabili...

@idearium/cli (>=1.0.0 <=4.3.0-beta.0), @stoplight/command (>=0.0.11-1 <=0.0.24) +27 more potentially affected by CVE-2019-10747 via set-value (=3.0.0)

set-value NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @idearium/cli =1.0.0, =0.0.11-1, =0.0.11-29, =0.0.11-1, =0.0.11-1, =0.0.11-1, =0.0.18, =0.0.11-1, =0.0.11-1, =0.0.11-30, =0.0.11-1, =0.0.18,...

Security update for zstd (moderate)

openSUSE Security Update: Security update for zstd Announcement ID: openSUSE-SU-2019:2008-1 Rating: moderate References: 1082318 1133297 1142941 Cross-References: CVE-2019-11922 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that solves one vulnerability and...

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1791)

According to its self-reported version, Cisco NX-OS Software is affected by vulnerability in the CLI of Cisco NX-OS Software which allow an authenticated, local attacker with administrator credentials to execute arbitrary commands with elevated privileges on the underlying operating system of an...

Input validation

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attack...

CVE-2019-1883

CVE-2019-1883 affects Cisco Integrated Management Controller (IMC) CLI, where insufficient validation of user-supplied input on the command-line interface can allow an authenticated, local attacker with read-only privileges to inject arbitrary commands and gain root privileges. The vulnerability ...

CVE-2019-1839 Cisco Remote PHY Device Software Command Injection Vulnerability

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attack...

@careteam/mfe-init (=0.0.8), @topfeed/topfeed (>=0.0.30 <=0.0.44) +69 more potentially affected by CVE-2019-10745 via assign-deep (>=0.1.2 <=0.4.7)

assign-deep NPM version =0.1.2, =0.0.30, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.2.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =2.3.0 and more Source cves: CVE-2019-10745 Source advisory: OSV:GHSA-66RH-8FW6-59Q6...

openSUSE: Security Advisory for zstd (openSUSE-SU-2019:1952-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for zstd (moderate)

openSUSE Security Update: Security update for zstd Announcement ID: openSUSE-SU-2019:1952-1 Rating: moderate References: 1082318 1133297 1142941 Cross-References: CVE-2019-11922 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has two fixes is now available...

OPENSUSE-SU-2019:1845-1 Security update for zstd

This update for zstd to version 1.4.2 fixes the following issues: Security issues fixed: - CVE-2019-11922: Fixed race condition in one-pass compression functions that could allow out of bounds write boo1142941. Non-security issues fixed: - Added --no-compress-literals CLI flag to enable or disabl...

CVE-2019-1972

A vulnerability the Cisco Enterprise NFV Infrastructure Software NFVIS restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...

CVE-2019-1952

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...

Design/Logic Flaw

A vulnerability the Cisco Enterprise NFV Infrastructure Software NFVIS restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...

CVE-2019-1972 Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability

A vulnerability the Cisco Enterprise NFV Infrastructure Software NFVIS restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...

CVE-2019-1972 Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability

A vulnerability the Cisco Enterprise NFV Infrastructure Software NFVIS restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...