7988 matches found
CVE-2019-1952
CVE-2019-1952 concerns a path traversal vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS). The issue arises from improper input validation of CLI command arguments, allowing an authenticated, local attacker with valid administrator credentials to use directory trave...
CVE-2019-1952 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability (CNVD-2019-38857)
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A path traversal vulnerability exists in the CLI for Cisco Enterprise NFV...
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...
Cisco Enterprise NFV Infrastructure Software Privilege Escalation Vulnerability
A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due t...
Cisco Enterprise NFV Infrastructure Software Privilege License and Access Control Issues Vulnerability
Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform provides full lifecycle management of virtualization services through a central coordinator and controller. A privilege-granting and access-control...
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
Design/Logic Flaw
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
CVE-2019-3800 CF CLI writes the client id and secret to config file
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
CVE-2019-3800
CF CLI before v6.45.0 (bosh release 1.16.0) stores the client id and secret in the CLI config file upon authentication with --client-credentials. A local authenticated user with access to that config can impersonate the leaked client. Impact is high for confidentiality and integrity of the creden...
Information Disclosure
Jenkins is vulnerable to information disclosure. Unauthorized attackers are able to confirm the existence of agents or views by sending a malicious CLI command...
Usbrip - Simple Command Line Forensics Tool For Tracking USB Device Artifacts (History Of USB Events) On GNU/Linux
usbrip (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with a CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines. Description: usbrip is a small piece of software written in pure...
XSpear - Powerfull XSS Scanning And Parameter Analysis Tool
XSpear is an XSS scanner on Ruby gems. Key features: pattern matching based XSS scanning; detect alert/confirm/prompt events on headless browser (with Selenium); testing request/response for XSS protection bypass and reflected params; Reflected Params Filtered test event handler HTML tag Special Char Testi...
Cross-Site Scripting (XSS)
web-console is vulnerable to cross-site scripting. The vulnerability, caused by missing X-Frame-Options and CSRF protections, in the oauth/token/request endpoint could allow a remote attacker to retrieve a token for CLI usage when using non default configs...
redis: Code execution in redis-cli via crafted command line arguments
The Redis command line tool 'redis-cli' is vulnerable to a buffer overflow through the -h host command line parameter. The redis-cli may be used by other services; if these services do not adequately filter the host input it could lead to code execution with the privilege level of that service...
Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico
Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability in Project Calico, the network CNI plugin used in IBM Cloud Kubernetes Service, which could result in weaker than expected network policy protection. Vulnerability Details: CVEID: None available. DESCRIPTION: Project Calic...
@jamesbliss/react-flickity (>=1.0.0 <=1.4.0), @jamesbliss/react-spy (=0.0.1) +17 more potentially affected by CVE-2019-5448 via yarn (>=1.0.2 <=1.16.0)
yarn NPM version =1.0.2, =1.0.0, =1.9.9, =1.0.0, =1.0.21, =8.3.8, =0.1.0, =3.0.0, =0.0.0-semantic-release, =1.1.2, =0.1.9, =1.0.0, =1.11.13 and more Source cves: CVE-2019-5448 Source advisory: SNYK:JS-YARN-451571...
CVE-2019-5445
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an admin user to crash the SSH CLI interface by using crafted commands...
@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), elstr-jslib (>=3.0.18 <=3.0.47) +25 more potentially affected by CVE-2019-10744 via lodash-amd (>=2.4.1 <=4.16.4)
lodash-amd NPM version =2.4.1, =0.1.0, =3.0.18, =0.4.0, =4.1.1, =0.1.11, =3.4.0, =0.0.1, =0.7.1, =0.1.1, =0.2.5, =0.0.3, =0.1.10, =0.1.6, =0.1.1, =0.1.4 and more Source cves: CVE-2019-10744 Source advisory: OSV:GHSA-JF85-CPCP-J695...