CVE-2025-21596 Junos OS: SRX1500,SRX4100,SRX4200: Execution of low-privileged CLI command results in chassisd crash
An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon...
CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins (CVE-2024-45338)
The version of application-gateway-kubernetes-ingress / cert-manager / cf-cli / cni / cni-plugins installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45338 advisory. - An attacker can craft an input t...
CVE-2024-45033
CVE-2024-45033 affects Apache Airflow Fab Provider prior to 1.5.2. The root cause is insufficient session expiration: after a user’s password is changed via the admin CLI, the user’s existing sessions are not cleared, allowing continued access even after password changes. This issue is CLI-specif...
CVE-2024-45033 Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...
PT-2025-1073
Name of the Vulnerable Software and Affected Versions: Junos OS SRX Series versions prior to 21.4R3-S8; Junos OS SRX Series versions 22.2 through 22.2R3-S5; Junos OS SRX Series versions 22.3 through 22.3R3-S3; Junos OS SRX Series versions 22.4 through 22.4R3-S2; Junos OS SRX Series versions 23.2 throu...
A vulnerability in the `caf encrypt` and `sd_acmd encrypt` commands of the command-line interface (CLI) of Broadcom CA Client Automation software allows a malicious individual to escalate their privileges and gain unauthorized access to protected information.
The vulnerability in the `caf encrypt` and `sd_acmd encrypt` commands of the command-line interface (CLI) of Broadcom CA Client Automation software relates to insecure management of privileges. Exploiting this vulnerability can allow attackers to escalate their privileges and gain unauthorized access to...
Cross-site Scripting (XSS)
Overview: collaborative-article-sharing is a command-line interface for interacting with the CAS API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing validations of the redirectUri parameter. Details: A cross-site scripting attack occurs when the attacker...
A vulnerability in the command-line interface (CLI) of the PAN-OS operating system that allows an attacker to read arbitrary files
The vulnerability in the command-line interface (CLI) of the PAN-OS operating system is related to a failure to neutralize wildcards or matching symbols. Exploiting this vulnerability can allow an attacker to read arbitrary files...
Authentication Token Leakage
github.com/cli/cli is vulnerable to authentication token leakage. The vulnerability is due to improper handling of the credential.helper configuration when cloning repositories with git submodules hosted outside of GitHub.com and ghe.com, causing authentication tokens to be exposed...
CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4
CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4. A patched version of the package is available...
CBL Mariner 2.0 Security Update: gh (CVE-2024-54132)
The version of gh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-54132 advisory. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CL...
GHSA-6V67-2WR5-GVF4 vulnerabilities
Vulnerabilities for packages: sonarqube, cassandra-fips, sonarqube-10, management-api-for-apache-cassandra-5.0, tez, thingsboard, zookeeper-fips, apache-nifi, cassandra, management-api-for-apache-cassandra-4.0, sonar-scanner-cli, akhq, trino, dependency-track, kserve-modelmesh, cassandra-reaper,...
CVE-2024-12798 vulnerabilities
Vulnerabilities for packages: sonarqube, cassandra-fips, sonarqube-10, management-api-for-apache-cassandra-5.0, tez, thingsboard, zookeeper-fips, apache-nifi, cassandra, management-api-for-apache-cassandra-4.0, sonar-scanner-cli, akhq, trino, dependency-track, kserve-modelmesh, cassandra-reaper,...
CVE-2021-26093
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command...
AZL-54473 CVE-2024-45338 affecting package cf-cli for versions less than 8.7.3-5
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
GHSA-32GQ-X56H-299C age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or plugin.NewRecipient APIs. ...
GHSA-4FG7-VXC8-QX5W rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or to the following age APIs when the plugin feature flag is enabled: -...
@boostercloud/framework-provider-azure-infrastructure (>=3.1.0 <=3.4.4), @cdktf/cli-core (>=0.20.8 <=0.21.0-pre.151) +3 more potentially affected by unknown CVE via jsii (>=5.4.12 <=5.4.31)
jsii NPM version =5.4.12, =3.1.0, =0.20.8, =5.12.7, =0.20.8, =1.26.0, =1.29.0 Source cves: unknown CVE Source advisory: OSV:GHSA-M56H-5XX3-2JC2...