7990 matches found

Cvelist
added 2018/08/25 12:0 a.m., 22 views

CVE-2018-15869

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...

AI score 5.3, EPSS 0.01801
Exploits 0, References 2

Veracode
added 2018/08/23 7:18 a.m., 15 views

Authorization Bypass

katello is vulnerable to authorization bypasses. The library does not properly enforce filters on a repository, allowing a malicious user to gain access to sensitive information on the repository through hammer cli commands...

CVSS 4.3, AI score 5.7, EPSS 0.00938
Exploits 0, References 7, Affected Software 1

n0where
added 2018/08/22 3:9 p.m., 16 views

Subdomain Enumeration Tool: Amass

Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting...

AI score 6.9
Exploits 0, References 1

Vulnrichment
added 2018/08/15 8:0 p.m., 12 views

CVE-2018-0428

A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access...

AI score 6.9, EPSS 0.00436
Exploits 0, References 3

Cisco
added 2018/08/15 4:0 p.m., 44 views

Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access...

CVSS 6.7, AI score 2.8, EPSS 0.00436
Exploits 0, References 1

NVD
added 2018/08/14 4:29 p.m., 17 views

CVE-2018-2451

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...

CVSS 6.6, AI score 6.7, EPSS 0.01159
Exploits 0, References 3

Prion
added 2018/08/14 4:29 p.m., 18 views

Session fixation

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...

CVSS 6, AI score 6.7, EPSS 0.01159
Exploits 0, References 3, Affected Software 1

Cvelist
added 2018/08/14 4:0 p.m., 23 views

CVE-2018-2451

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...

AI score 6.7, EPSS 0.01159
Exploits 0, References 3

CVE
added 2018/08/14 4:0 p.m., 45 views

CVE-2018-2451

The CVE-2018-2451 issue concerns SAP HANA XS v1 (Extended Application Services) where a user’s CLI session may remain valid beyond revoked authorizations, allowing a platform user to access controller resources via an active session and an attacker with a session to misuse the token after closure...

CVSS 6.6, AI score 6.7, EPSS 0.01159
Exploits 0, References 3, Affected Software 1

n0where
added 2018/08/01 5:5 p.m., 17 views

Network and System Reconnaissance Tool: Sandmap

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Key Features: simple CLI with the ability to run pure Nmap engine...

AI score 6.9
Exploits 0, References 2

Github Security Blog
added 2018/07/31 10:58 p.m., 27 views

npm Token Leak in npm

Affected versions of the npm package include the bearer token of the logged in user in every request made by the CLI, even if the request is not directed towards the user's active registry. An attacker could create an HTTP server to collect tokens, and by various means including but not limited t...

CVSS 7.5, AI score 0.8, EPSS 0.06748
Exploits 0, References 9, Affected Software 1

vulnersOsv
added 2018/07/31 6:18 p.m., 2 views

adaptdl-cli (>=0.2.2 <=0.2.11), agent-vault-proxy (=0.4.0) +113 more potentially affected by CVE-2018-14505 via mitmproxy (>=10.1.5 <=4.0.3)

mitmproxy PYPI version =10.1.5, =0.2.2, =1.0.0, =0.1.1, =0.2.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.11, =1.0.5, =0.1.0, =0.2.0, =0.72.2, =0.75.43 and more Source cves: CVE-2018-14505 Source advisory: OSV:GHSA-6M53-C78Q-7QMG...

CVSS 8.8, AI score 7.6, EPSS 0.03348
Exploits 1

RedHat Linux
added 2018/07/30 7:10 p.m., 1 views

jenkins: CLI leaked existence of views and agents with attacker-specified names to users without Overall/Read permission (SECURITY-754)

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to...

CVSS 5.3, AI score 6, EPSS 0.01403
Exploits 0, References 5

Fedora
added 2018/07/30 6:27 p.m., 35 views

[SECURITY] Fedora 28 Update: wireshark-2.6.2-1.fc28

Metapackage which installs wireshark-cli and wireshark-qt...

CVSS 7.8, AI score 2.1, EPSS 0.03846
Exploits 3

vulnersOsv
added 2018/07/26 3:10 p.m., 4 views

apidocs-cli (>=0.0.0 <=2.0.1), assemble-init (=0.1.0) +80 more potentially affected by CVE-2018-3719 via mixin-deep (>=0.1.0 <=1.0.1)

mixin-deep NPM version =0.1.0, =0.0.0, =0.1.0-beta.2, =0.1.0, =0.1.1, =0.1.2, =0.0.1, =0.0.1, =0.1.0, =1.0.2, =0.0.5, =0.2.2, =0.3.0 - create-component =0.1.1 and more Source cves: CVE-2018-3719 Source advisory: OSV:GHSA-3MPR-HQ3P-49H9...

CVSS 8.8, AI score 7.2, EPSS 0.02123
Exploits 1

vulnersOsv
added 2018/07/23 8:46 p.m., 3 views

book-cli (=1.2.0) potentially affected by CVE-2017-16152 via static-html-server (=0.1.2)

static-html-server NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on static-html-server and may be impacted: - book-cli =1.2.0 Source cves: CVE-2017-16152 Source advisory: OSV:GHSA-9J5M-873F-XH76...

CVSS 7.5, AI score 7.1, EPSS 0.02005
Exploits 1

Github Security Blog
added 2018/07/23 8:46 p.m., 28 views

Directory Traversal in fast-http-cli

fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Example request: http GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:...

CVSS 7.5, AI score 7.2, EPSS 0.02005
Exploits 1, References 4, Affected Software 1

OSV
added 2018/07/23 8:46 p.m., 16 views

GHSA-9FRQ-F867-HGQC Directory Traversal in fast-http-cli

fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Example request: http GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:...

CVSS 7.5, AI score 7.5, EPSS 0.02005
Exploits 1, References 4

vulnersOsv
added 2018/07/23 8:39 p.m., 2 views

wtm-cli (>=1.0.0-beta.1 <=1.0.0-beta.6) potentially affected by CVE-2017-16223 via nodeaaaaa (=1.3.0)

nodeaaaaa NPM version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on nodeaaaaa and may be impacted: - wtm-cli =1.0.0-beta.1, =1.0.0-beta.6 Source cves: CVE-2017-16223 Source advisory: OSV:GHSA-XJ3H-VC9J-J823...

CVSS 7.5, AI score 7.1, EPSS 0.02005
Exploits 1

vulnersOsv
added 2018/07/22 6:29 p.m., 2 views

adaptdl-cli (>=0.2.2 <=0.2.11), agent-vault-proxy (=0.4.0) +113 more potentially affected by CVE-2018-14505 via mitmproxy (>=10.1.5 <=4.0.3)

mitmproxy PYPI version =10.1.5, =0.2.2, =1.0.0, =0.1.1, =0.2.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.11, =1.0.5, =0.1.0, =0.2.0, =0.72.2, =0.75.43 and more Source cves: CVE-2018-14505 Source advisory: OSV:PYSEC-2018-56...

CVSS 8.8, AI score 7.6, EPSS 0.03348
Exploits 1