8005 matches found
GHSA-265R-HFXG-FHMG vulnerabilities
Vulnerabilities for packages: nerdctl, trivy, dagger, datadog-agent, kaniko, kots, chartmuseum, kubevela, wolfictl, osv-scanner, flux-helm-controller, neuvector-scanner, ctop, opa, docker, zot, helm-operator, xeol, melange, k3s, helm, helm-push, eksctl, docker-cli-buildx, buildkitd, rancher-fleet...
Azure Linux 3.0 Security Update: cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb (CVE-2025-27144)
The version of cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27144 advisory. - Go JOSE provides an...
CVE-2025-2398
A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials...
CVE-2024-54027
A Use of Hard-coded Cryptographic Key vulnerability CWE-321 in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...
CVE-2024-40635 vulnerabilities
Vulnerabilities for packages: melange, flux-source-controller, docker-cli-buildx-fips, gatekeeper, chainctl, flux-helm-controller, opa-envoy, opa-fips-envoy, docker-compose, grype, xeol, cluster-api-helm-controller-fips, k3s, spegel, neuvector, fuse-overlayfs-snapshotter, kots, grype-fips, trivy,...
GHSA-265R-HFXG-FHMG vulnerabilities
Vulnerabilities for packages: melange, flux-source-controller, docker-cli-buildx-fips, gatekeeper, chainctl, flux-helm-controller, opa-envoy, opa-fips-envoy, docker-compose, grype, xeol, cluster-api-helm-controller-fips, k3s, spegel, neuvector, fuse-overlayfs-snapshotter, kots, grype-fips, trivy,...
nvme-cli bug fix and enhancement update
An update is available for nvme-cli. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.5...
CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495 Secrets leakage to telemetry endpoint via cache backend configuration via buildx
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495
CVE-2025-0495 affects docker-buildx/moby-buildx (Buildx) where credentials set as attribute values in cache-to/cache-from can be captured by OpenTelemetry traces and BuildKit history. Exploitation status is not detailed in the provided sources. The vulnerability does not apply to secrets passed v...
CVE-2020-29010
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and below may allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensiti...
CVE-2024-46663
A stack-buffer overflow vulnerability CWE-121 in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands...
CVE-2025-20138
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
Cisco IOS XR Software CLI Local Elevation of Privilege Vulnerability
Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. A local elevation of privilege vulnerability exists in the Cisco IOS XR Software CLI. The vulnerability is due to insufficient validation of user parameters passed to specific CLI...
CVE-2023-48795 affecting package cf-cli for versions less than 8.7.11-1
CVE-2023-48795 affecting package cf-cli for versions less than 8.7.11-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-22869 affecting package cf-cli for versions less than 8.7.11-2
CVE-2025-22869 affecting package cf-cli for versions less than 8.7.11-2. A patched version of the package is available...
CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13
CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13. A patched version of the package is available...