8005 matches found
Ubuntu 24.04 LTS / 24.10 : GitHub CLI vulnerability (USN-7130-1)
The remote Ubuntu 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7130-1 advisory. It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if t...
Exploit for OS Command Injection in Yogeshojha Rengine
reNgine 2.2.0 - Command Injection - CVE-2023-50094 Descri...
Malicious code in kiosk-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7f59314a206c7faa0082a49930dfe6b18851236824c9539436bf92a3f71a08a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10893 Malicious code in kiosk-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c7f59314a206c7faa0082a49930dfe6b18851236824c9539436bf92a3f71a08a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora 41 : php (2024-3891a08c9e)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3891a08c9e advisory. PHP version 8.3.14 (21 Nov 2024). CLI: Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang). (ilutov) Fixed...
Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware
CVE-2023-20198 is a serious vulnerability in the Web UI function...
The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, allows a perpetrator to execute arbitrary code.
The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, exists due to the failure to take measures to neutralize specific elements. Exploiting...
alist-tvbox security vulnerability
alist-tvbox is an AList TvBox proxy server by Harold Personal Developer. A security vulnerability exists in alist-tvbox version v1.7.1, which stems from a vulnerability that allows remote attackers to execute arbitrary code via the /atv-cli file...
CVE-2024-48747
An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file...
PT-2024-33200 · Unknown · Alist-Tvbox
Name of the Vulnerable Software and Affected Versions: alist-tvbox version 1.7.1 Description: The issue allows a remote attacker to execute arbitrary code via the "/atv-cli" file. This enables the attacker to potentially gain control over the system, allowing for unauthorized actions...
Malicious code in npm-cli-release-please (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware feabb1bb20620ae160755e66696df9de9c058ba94e59b0cd910e81fa6a1829a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10848 Malicious code in npm-cli-release-please (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware feabb1bb20620ae160755e66696df9de9c058ba94e59b0cd910e81fa6a1829a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GO-2024-3269 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli...
leapp bug fix and enhancement update
An update is available for leapp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Leapp utility provides the possibility to use the Leapp framework via CLI. The...
Vulnerability fixed in GitHub CLI
GitHub has fixed a vulnerability in GitHub CLI, specifically for versions 2.6.1 and earlier. The vulnerability is in how GitHub CLI manages SSH connection details. This could allow malicious actors to execute arbitrary code on the user's workstation when connecting to a malicious Codespace SSH...
CVE-2021-1462
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to...
CVE-2020-26071 Cisco SD-WAN vEdge Arbitrary File Creation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. ...
CVE-2021-1462 Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to...
[SECURITY] Fedora 41 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc41
PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports (extension, interface, class, function, constant) to display and ability to show content of dictionary references...
[SECURITY] Fedora 40 Update: php-bartlett-PHP-CompatInfo-7.1.4-3.fc40
PHPCompatInfo will parse a file/folder/array to find out the minimum version and extensions required for it to run. CLI version has many reports (extension, interface, class, function, constant) to display and ability to show content of dictionary references...