7988 matches found
CVE-2019-3786
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. Th...
Design/Logic Flaw
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. Th...
CVE-2019-3786 BBR could run arbitrary scripts on deployment VMs
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. Th...
CVE-2019-3786
Cloud Foundry BOSH Backup and Restore CLI (all versions before v1.5.0) does not validate backup-script authenticity in BOSH. A remote authenticated attacker can modify the metadata of a BBR job to request extra backup files from different jobs during restore. The vulnerable hooks are in the cfcr-...
[SECURITY] Fedora 29 Update: group-service-1.1.0-5.fc29
Dbus Group management CLI tool...
Sensitive Information Disclosure
sequelize-cli is vulnerable to sensitive information disclosure. The vulnerability exists as the config.password value is logged unencrypted into log files, allowing a local user to retrieve the configuration password...
Sensitive Data Exposure
Overview: Versions of sequelize-cli prior to 5.5.0 are vulnerable to Sensitive Data Exposure. The function filteredURL does not properly sanitize the config.password value which may cause passwords with special characters to be logged in plain text. Recommendation: Upgrade to version 5.5.0 or later...
CVE-2019-1829
A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due ...
CVE-2019-1835
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...
Directory traversal
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...
Input validation
A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due ...
CVE-2019-1725
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
CVE-2019-1805
A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...
Design/Logic Flaw
A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...
Input validation
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
CVE-2019-1835 Cisco Aironet Series Access Points Directory Traversal Vulnerability
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...
CVE-2019-1835
CVE-2019-1835 : The Cisco Aironet Series Access Points CLI directory traversal vulnerability is confirmed by multiple sources. An authenticated, local attacker who gains admin CLI access can issue crafted commands that bypass input sanitization to traverse directories and view system files on aff...
CVE-2019-1835 Cisco Aironet Series Access Points Directory Traversal Vulnerability
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...
CVE-2019-1829
CVE-2019-1829 is a vulnerability in the CLI of Cisco Aironet Series Access Points where an authenticated, local attacker with valid administrator credentials can abuse improper validation of input to certain CLI commands to gain access to the underlying Linux OS. Affected product: Cisco Aironet A...
CVE-2019-1829 Cisco Aironet Series Access Points Command Injection Vulnerability
A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due ...