7988 matches found
CVE-2019-3876
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...
Cross site request forgery (csrf)
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...
CVE-2019-3876
CVE-2019-3876 affects OpenShift Container Platform 3.11 web-console: OAuth server /oauth/token/request; root cause is missing X-Frame-Options and CSRF protections that enable XSS token generation and, if not prevented, a follow-on XSS via JavaScript could extract tokens. Mitigation is p...
CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...
Privilege Escalation in PAN-OS
Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's create_elf_tables function. (Ref PAN-105966, CVE-2018-14634) Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. To successfully exploit this...
Debian DLA-1717-1 : rdflib security update
The CLI tools in python-rdflib-tools can load Python modules found in the current directory. This happens because 'python -m' appends the current directory to the Python path. For Debian 8 'Jessie', this problem has been fixed in version 4.1.2-3+deb8u1. We recommend that you upgrade your rdflib...
[SECURITY] [DLA 1717-1] rdflib security update
Package: rdflib. Version: 4.1.2-3+deb8u1. CVE ID: CVE-2019-7653. Debian Bug: 921751. The CLI tools in python-rdflib-tools can load Python modules found in the current directory. This happens because "python -m" appends the current directory to the Python path. For Debian 8 "Jessie", this problem...
CVE-2018-20162
CVE-2018-20162 concerns Digi TransPort LR54 (firmware 4.4.0.26 and possibly earlier) where an Improper Input Validation vulnerability in the restricted shell allows a user with super CLI access to bypass the shell restrictions and execute arbitrary commands as root. Connected sources describe the...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +3 more potentially affected by CVE-2015-1772 via org.apache.hive:hive-exec (=1.1.0)
org.apache.hive:hive-exec MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - ai.h2o:h2o-orc-parser =3.18.0.9, =0.1.5, =0.1.5, =0.11.0, =0.11.1 Source cves: CVE-2015-1772 Source advisory...
Ubiquiti Inc.: EdgeSwitch Command Injection
In EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows shell commands to be executed as the root user...
CVE-2019-1613 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
CVE-2019-1612 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
CVE-2019-1611
The CVE-2019-1611 issue is a vulnerability in the Cisco NX-OS FXOS CLI where insufficient validation of CLI arguments enables an authenticated, local attacker with valid admin credentials to execute arbitrary commands on the device with elevated privileges. The concern affects multiple Cisco plat...
CVE-2019-1612
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612) affects Nexus 3000, Nexus 3500, Nexus 3600 platforms and NX-OS Stand releases, with root cause tied to insufficient validation of CLI arguments. An authenticated local attacker with administrator credentials could exploit th...
CVE-2019-1611 Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)
A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI...
CVE-2019-1610
Cisco NX-OS Software CLI Command Injection (CVE-2019-1610) affects Nexus 3500 and Nexus 3000 series switches running versions prior to 7.0(3)I7(4). The issue is due to insufficient validation of arguments to certain CLI commands, allowing an authenticated, local attacker with administrator creden...
CVE-2019-1613
CVE-2019-1613 affects Cisco NX-OS CLI command handling, enabling an authenticated, local attacker to inject and execute arbitrary commands due to insufficient argument validation. Affected are multiple Cisco platforms: MDS 9000 series (pre-6.2(27) and 8.2(3)); Nexus 3000 (pre-7.0(3)I4(9) and 7.0(...