Azure Linux 3.0 Security Update: cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes (CVE-2024-28180)
The version of cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28180 advisory. - Package jose aims to provide an...
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cf-cli / cni / containerized-data-importer / containernetworking-plugins / gh / keda / kubevirt (CVE-2022-32149)
The version of application-gateway-kubernetes-ingress / cf-cli / cni / containerized-data-importer / containernetworking-plugins / gh / keda / kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the...
CVE-2024-57078
A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
[SECURITY] Fedora 41 Update: rust-tealdeer-1.7.1-3.fc41
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...
[SECURITY] Fedora 41 Update: rust-oo7-cli-0.3.3-4.fc41
System keyring access from the terminal...
[SECURITY] Fedora 41 Update: rust-eif_build-0.2.1-3.fc41
This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...
CVE-2021-26106
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...
CVE-2021-44171
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged command...
CVE-2022-30301
A path traversal vulnerability (CWE-22) in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...
CVE-2022-36035
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allow...
CVE-2022-24753
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...
CVE-2022-24711
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...
CVE-2022-2225
By using warp-cli subcommands disable-ethernet, disable-wifi, it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'...
CVE-2022-20775
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted...
CVE-2022-39327
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...
CVE-2024-52308
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-20326
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...
CVE-2024-20398
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
CVE-2024-20389
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...