CVE-2019-1805
CVE-2019-1805 describes an SSH access vulnerability in Cisco Wireless LAN Controller (WLC) software. The issue stems from improper input/validation checks in the SSH server, allowing an unauthenticated, adjacent attacker to gain access to a CLI instance on affected devices. Connected advisory doc...
CVE-2019-1725 Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
CVE-2019-1725
CVE-2019-1725 affects Cisco UCS B-Series Blade Servers. A vulnerability in the local management CLI allows an authenticated, local attacker to overwrite arbitrary files on disk or inject CLI parameters for a subset of commands due to insufficient input validation. The issue is specific to certain...
Design/Logic Flaw
A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for root access to the...
[SECURITY] Fedora 30 Update: group-service-1.1.0-5.fc30
Dbus Group management CLI tool...
Cisco Aironet Series Access Points Directory Traversal Vulnerability
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...
Cisco UCS B-Series Blade Servers Local Management CLI Arbitrary File Creation or CLI Parameter Injection Vulnerability
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
CVE-2019-1003049
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based...
CVE-2019-1003049
CVE-2019-1003049 affects Jenkins core where an incomplete fix for security advisory SECURITY-901 left remoting-based CLI authentication caches valid in Jenkins versions prior to 2.172 (and LTS prior to 2.164.2). Affected products/versions: Jenkins and LTS builds older than 2.172 and 2.164.2 respe...
Design/Logic Flaw
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows shell commands to be executed under the root user...
CVE-2019-5425
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface, bypassing the CLI interface, which allows them to escalate privileges to root...
CVE-2019-5425
Affected product: Ubiquiti Networks EdgeSwitch X (v1.1.0 and earlier). Issue: authenticated SSH access can run arbitrary shell commands, bypassing the CLI, enabling root privilege escalation. Root cause: improper command handling over SSH interfaces allows execution of non-CLI commands. Impact: f...
CVE-2019-5424
CVE-2019-5424 affects Ubiquiti Networks EdgeSwitch X (v1.1.0 and earlier). A privileged user can execute arbitrary shell commands via the SSH CLI, enabling root-level commands. This is the stated impact in the CVE descriptions and multiple connected records. A patch/release note referenced in the...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory. Description: Medium, SECURITY-1289, Jenkins accepted cached legacy CLI authentication; Medium, SECURITY-1327, XSS vulnerability in form validation button...
CVE-2019-3786: BBR could run arbitrary scripts on deployment VMs | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: BOSH Backup and Restore, all versions prior to v1.5.0. Description: Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote...
Security update for yast2-rmt (moderate)
openSUSE Security Update: Security update for yast2-rmt. Announcement ID: openSUSE-SU-2019:1089-1. Rating: moderate. References: 1119835 1120672 1123562. Cross-References: CVE-2018-20105. Affected Products: openSUSE Leap 15.0. An update that solves one vulnerability and has two fixes is now available...