
7988 matches found

Cvelist
added 2019/06/20 3:5 a.m. | 15 views

CVE-2019-1879 Cisco Integrated Management Controller CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could explo...

CVSS 6.4 | AI score 6.9 | EPSS 0.00059
Exploits: 0 | References: 2

Cvelist
added 2019/06/20 2:45 a.m. | 14 views

CVE-2019-1625 Cisco SD-WAN Solution Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by...

CVSS 7.8 | AI score 7.6 | EPSS 0.00063
Exploits: 0 | References: 2

CVE
added 2019/06/20 2:45 a.m. | 241 views

CVE-2019-1625

CVE-2019-1625 affects Cisco SD-WAN Solution CLI. An authenticated, local attacker can bypass authorization and escalate privileges to root due to insufficient enforcement in the CLI. Exploitation would allow privileged configuration changes on affected devices. Mitigation observed in connected so...

CVSS 7.8 | AI score 7.5 | EPSS 0.00063
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/20 2:40 a.m. | 13 views

CVE-2019-1623 Cisco Meeting Server CLI Command Injection Vulnerability

A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with...

CVSS 6.7 | AI score 7 | EPSS 0.00145
Exploits: 0 | References: 2

CVE
added 2019/06/20 2:40 a.m. | 225 views

CVE-2019-1623

The CVE-2019-1623 issue affects Cisco Meeting Server's CLI configuration shell. An authenticated, locally privileged attacker (administrator) can exploit insufficient input validation in a vulnerable CLI command to inject crafted arguments, potentially achieving arbitrary code execution as root o...

CVSS 7.2 | AI score 7 | EPSS 0.00145
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2019/06/20 12:0 a.m. | 2 views

Cisco Meeting Server CLI Command Injection Vulnerability

Cisco Meeting Server is a video conferencing solution from Cisco that combines place-based video, audio, and Web communications to meet the collaboration needs of the modern workplace. A command injection vulnerability exists in the CLI configuration shell of Cisco Meeting Server. The vulnerabili...

CVSS 7.2 | AI score 8.2 | EPSS 0.00145
Exploits: 0 | References: 1

Cisco
added 2019/06/19 4:0 p.m. | 135 views

Cisco Meeting Server CLI Command Injection Vulnerability

A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with...

CVSS 6.7 | AI score 2.1 | EPSS 0.00145
Exploits: 0 | References: 1

Cisco
added 2019/06/19 4:0 p.m. | 114 views

Cisco SD-WAN Solution Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by...

CVSS 7.8 | AI score 2.6 | EPSS 0.00063
Exploits: 0 | References: 1

Cisco
added 2019/06/19 4:0 p.m. | 89 views

Cisco Integrated Management Controller CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could explo...

CVSS 6.4 | AI score 3.6 | EPSS 0.00059
Exploits: 0 | References: 1

Fedora
added 2019/06/15 1:22 a.m. | 32 views

[SECURITY] Fedora 29 Update: podman-1.4.0-2.fc29

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS 7.5 | AI score 2.2 | EPSS 0.002
Exploits: 0

Oracle linux
added 2019/06/13 12:0 a.m. | 204 views

docker-engine security update

docker-engine 18.09.1-1.0.8 - cherry-picked fix for CVE-2018-15664 from upstream 18.09.1-1.0.7 - added runc version requirement 18.09.1-1.0.6 - disable kmem accounting for UEKR4 docker-cli 18.09.1-1.0.8 - rebuild 18.09.1-1.0.7 - rebuild 18.09.1-1.0.6 - disable kmem accounting for UEKR4 runc...

CVSS 7.5 | AI score 2.9 | EPSS 0.07297
Exploits: 2

OpenVAS
added 2019/06/13 12:0 a.m. | 107 views

Fedora Update for podman FEDORA-2019-886b4d2fb6

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.2 | EPSS 0.002
Exploits: 0 | References: 2

Fedora
added 2019/06/12 2:48 p.m. | 31 views

[SECURITY] Fedora 30 Update: podman-1.4.0-2.fc30

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS 7.5 | AI score 2.2 | EPSS 0.002
Exploits: 0

Fedora
added 2019/06/12 12:46 a.m. | 37 views

[SECURITY] Fedora 30 Update: podman-1.4.0-1.fc30

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS 7.5 | AI score 2.2 | EPSS 0.002
Exploits: 0

Tenable Nessus
added 2019/06/07 12:0 a.m. | 26 views

Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches that could allow an authenticated, local attacker with administrator-level credential...

CVSS 6.7 | AI score 6.5 | EPSS 0.00069
Exploits: 0 | References: 4

vulnersOsv
added 2019/06/06 3:30 p.m. | 4 views

muleify (>=2.5.7 <=4.0.5), oxe-cli (>=1.1.0 <=1.1.3) potentially affected by unknown CVE via servey (>=1.0.3 <=2.2.0)

servey NPM version =1.0.3, =2.5.7, =1.1.0, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-RV49-54QP-FW42...

AI score 5.8
Exploits: 0

Veracode
added 2019/06/06 6:22 a.m. | 9 views

Malicious Package

angluar-cli is a malicious package. It contains malicious code in its post-install scripts which attempts to remove files and stop processes related to McAfee antivirus on macOS...

AI score 6.6
Exploits: 0

OSV
added 2019/06/05 8:43 p.m. | 0 views

GHSA-3XC7-XG67-PW99 Sensitive Data Exposure in sequelize-cli

Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL does not properly sanitize the config.password value which may cause passwords with special characters to be logged in plain text. Recommendation Upgrade to version 5.5.0 or later...

CVSS 3.5 | AI score 5.8
Exploits: 0 | References: 5

vulnersOsv
added 2019/06/05 8:43 p.m. | 0 views

@apifie/node-microservice (>=0.0.1 <=1.0.3), @conversationai/moderator-backend-api (>=1.0.0 <=1.0.6) +101 more potentially affected by unknown CVE via sequelize-cli (>=1.2.0 <=5.4.0)

sequelize-cli NPM version =1.2.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0-beta.1, =2.2.1, =3.1.5, =0.0.10, =0.0.6, =0.0.1, =1.1.7, =1.1.12 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3XC7-XG67-PW99...

AI score 5.8
Exploits: 0

Github Security Blog
added 2019/06/05 8:43 p.m. | 17 views

Sensitive Data Exposure in sequelize-cli

Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL does not properly sanitize the config.password value which may cause passwords with special characters to be logged in plain text. Recommendation Upgrade to version 5.5.0 or later...

AI score 3.8
Exploits: 0 | References: 6 | Affected Software: 1