7988 matches found

OSV
added 2019/02/13 4:29 p.m., 28 views

CVE-2019-3782

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 7.8, AI score 6.7, EPSS 0.00074
Exploits: 0, References: 2
Cvelist
added 2019/02/13 4:00 p.m., 12 views

CVE-2019-3782 CredHub CLI writes environment variable credentials to disk

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 6.3, AI score 7.6, EPSS 0.00074
Exploits: 0, References: 2
CVE
added 2019/02/13 4:00 p.m., 38 views

CVE-2019-3782

The CVE-2019-3782 issue affects Cloud Foundry CredHub CLI prior to version 2.2.1. The vulnerability arises when credentials supplied via environment variables are written to the CLI’s persistent config file, potentially exposing them to a local authenticated attacker who has access to the CredHub...

CVSS 7.8, AI score 6.7, EPSS 0.00074
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2019/02/12 7:29 p.m., 33 views

Default credentials

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. ...

CVSS 5.6, AI score 6.9, EPSS 0.00229
Exploits: 0, References: 2, Affected Software: 1
Cloud Foundry
added 2019/02/11 12:00 a.m., 71 views

CVE-2019-3782: CredHub CLI writes environment variable credentials to disk | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: CredHub CLI, all versions prior to 2.2.1. Description: Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent...

CVSS 7.8, AI score 6.8, EPSS 0.00074
Exploits: 0
Prion
added 2019/02/09 3:29 a.m., 14 views

Code injection

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...

CVSS 7.5, AI score 9.2, EPSS 0.00785
Exploits: 1, References: 4, Affected Software: 3
UbuntuCve
added 2019/02/09 3:29 a.m., 19 views

CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...

CVSS 9.8, AI score 7.2, EPSS 0.00785
Exploits: 1, References: 3
NVD
added 2019/02/09 3:29 a.m., 19 views

CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...

CVSS 9.8, AI score 9.4, EPSS 0.00785
Exploits: 1, References: 4
Cvelist
added 2019/02/09 3:00 a.m., 24 views

CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...

AI score 9.3, EPSS 0.00785
Exploits: 1, References: 4
CVE
added 2019/02/04 10:00 p.m., 35 views

CVE-2018-15778

CVE-2018-15778 affects Dell OS10 OS switch software; a lack of proper input validation in the CLI on Dell OS10 versions prior to 10.4.2.1 enables a command injection vulnerability. According to CNVD-2019-24558, an attacker could exploit this flaw to execute commands directly on the OS (local acce...

CVSS 8.8, AI score 7.8, EPSS 0.00039
Exploits: 0, References: 1, Affected Software: 1
Fedora
added 2019/01/31 2:12 a.m., 40 views

[SECURITY] Fedora 28 Update: wireshark-2.6.6-1.fc28

Metapackage which installs wireshark-cli and wireshark-qt...

CVSS 7.8, AI score 2.1, EPSS 0.18204
Exploits: 13
Kitploit
added 2019/01/28 12:45 p.m., 180 views

Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner: The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...

AI score 7.6
Exploits: 0, References: 6
ossfuzz
added 2019/01/26 7:27 p.m., 13 views

openthread/cli-uart-received-fuzzer: Index-out-of-bounds in ot::RouterTable::IsAllocated

Project: https://github.com/openthread/openthread.git; Detailed report: https://oss-fuzz.com/testcase?key=5744891089387520; Project: openthread; Fuzzer: libFuzzeropenthreadcli-uart-received-fuzzer; Fuzz target binary: cli-uart-received-fuzzer; Job Type: libfuzzerubsanopenthread; Platform Id: linux; Cras...

AI score 6.8
Exploits: 0, Affected Software: 1
NVD
added 2019/01/24 9:29 p.m., 25 views

CVE-2018-12237

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges...

CVSS 9, AI score 7.5, EPSS 0.02444
Exploits: 0, References: 2
Prion
added 2019/01/24 9:29 p.m., 17 views

Command injection

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges...

CVSS 9, AI score 7.5, EPSS 0.02444
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2019/01/24 9:00 p.m., 61 views

CVE-2018-12237

CVE-2018-12237 affects the Symantec Reporter CLI (Reporter CLI) by an OS command injection vulnerability. Affected: Reporter CLI versions 10.1 before 10.1.5.6 and 10.2 before 10.2.1.8. Root cause: command injection via the CLI that can be exploited by an authenticated administrator with Enable mo...

CVSS 9, AI score 7.4, EPSS 0.02444
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/01/24 9:00 p.m., 26 views

CVE-2018-12237

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges...

AI score 7.5, EPSS 0.02444
Exploits: 0, References: 2
OSV
added 2019/01/24 4:29 p.m., 1 view

CVE-2019-1656

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...

CVSS 5.3, AI score 6.1
Exploits: 0, References: 2
CVE
added 2019/01/24 4:00 p.m., 44 views

CVE-2019-1656

Cisco Enterprise NFV Infrastructure Software (NFVIS) contains an input-validation vulnerability in its CLI that can allow an authenticated, local attacker to gain shell access to the underlying Linux OS via CIMC console connections (not via remote access). The issue is triggered by crafting comma...

CVSS 5.3, AI score 5.5, EPSS 0.00037
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2019/01/24 3:29 p.m., 1 view

CVE-2019-1650

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An...

CVSS 8.8, AI score 7.4, EPSS 0.00974
Exploits: 0, References: 2