Security Bulletin: IBM Cloud Pak System cli is vulnerable to sensitive information exposure
Summary: IBM Cloud Pak System cli is vulnerable to sensitive information exposure (CVE-2023-37405, CVE-2023-38272). Vulnerability Details: CVEID: CVE-2023-37405. DESCRIPTION: IBM Cloud Pak System stores sensitive data in memory that could be obtained by an unauthorized user. CWE: CWE-311: Missing...
Security update for azure-cli-core
This update for azure-cli-core fixes the following issues: CVE-2025-24049: Fixed improper neutralization of special elements used in a command that allows an unauthorized attacker to elevate privileges locally (bsc#1239460). Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2025:1019-1 Security update for azure-cli-core
This update for azure-cli-core fixes the following issues: - CVE-2025-24049: Fixed improper neutralization of special elements used in a command that allows an unauthorized attacker to elevate privileges locally (bsc#1239460)...
argocd-cli-2.14.8-1.1 on GA media (moderate)
argocd-cli-2.14.8-1.1 on GA media. Announcement ID: openSUSE-SU-2025:14921-1. Rating: moderate. Cross-References: CVE-2025-26791. CVSS scores: CVE-2025-26791 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N; CVE-2025-26791 (SUSE): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA...
1food-menu (>=0.0.1 <=0.2.3), 7qb-cli (=2.0.0) +2710 more potentially affected by CVE-2025-30208 via vite (>=0.14.4 <=4.5.1)
vite NPM version =0.14.4, =0.0.1, =1.0.0, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.3, =1.0.1, =1.0.12, =0.0.4, =1.0.1, =1.0.7 and more Source cves: CVE-2025-30208 Source advisory: OSV:GHSA-X574-M823-4X7W...
Malicious code in sensort-cli (npm)
Source: ghsa-malware (da08217a79ac25925bb75373056d29208390b88fa6a4e75d27f6c5889b5a4943). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2705 Malicious code in sensort-cli (npm)
Source: ghsa-malware (da08217a79ac25925bb75373056d29208390b88fa6a4e75d27f6c5889b5a4943). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2644 Malicious code in asset_cli_tool (npm)
Source: ghsa-malware (56eaa865141139174bfeca87a7ab5f743c5025167bf539b16b8688232094d479). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OPENSUSE-SU-2025:14921-1 argocd-cli-2.14.8-1.1 on GA media
These are all security issues fixed in the argocd-cli-2.14.8-1.1 package on the GA media of openSUSE Tumbleweed...
NetScaler: How to update AppFirewall signature from CLI
Exploit for Path Traversal in Jenkins
CVE-2024-23897 Jenkins RCE Arbitrary File Read CVE-2024-2389...
AZL-77496 CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-24
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
AZL-77493 CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
AZL-77498 CVE-2025-30204 affecting package dcos-cli 1.2.0-20
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
Summary: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI is a command line tool for interacting with CDK applications. Customers can use the CDK CLI ...
CVE-2025-2598
When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
CVE-2025-2598 AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
Ubuntu: Security Advisory (USN-7362-1)
The remote host is missing an update for the...
Relative Path Traversal
Overview: polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Relative Path Traversal enabling the deletion of files on the target server. An attacker can delete critical files such as polyaxon.sock to cause a crash...
Cross-site Request Forgery (CSRF)
Overview: polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the create endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a...