Lucene search

8009 matches found

NVD
added 2024/10/09 8:15 p.m., 11 views

CVE-2024-38817

VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root...

CVSS 6.7 | EPSS 0.00519
Exploits: 0 | References: 1
Cvelist
added 2024/10/09 7:28 p.m., 16 views

CVE-2024-38817

VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root...

CVSS 6.7 | EPSS 0.00519
Exploits: 0 | References: 1
NCSC
added 2024/10/08 7:57 p.m., 4 views

Vulnerabilities fixed in Microsoft Azure components

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges or execute code with administrator privileges. Azure Monitor: |----------------|------|-------------------------------------| | CVE ID | CVS...

CVSS 9.1 | AI score 7.1 | EPSS 0.01609
Exploits: 0
OSSF Malicious Packages
added 2024/10/08 3:51 p.m., 4 views

Malicious code in msdhsfhjfj-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 932d9efe887d64209a4ce155d5f224a976b49eb001d725016073b83f2d8b3bcd The OpenSSF Package Analysis project identified 'msdhsfhjfj-cli' @ 9.4.1 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2024/10/07 10:22 a.m., 3 views

Malicious code in protobufj-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4ed062cce3f1c6c84bfdb6183ed9db3baafed65d7695929d1747b34a9dcdbba8 The OpenSSF Package Analysis project identified 'protobufj-cli' @ 9.1.1 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0
OSV
added 2024/10/07 10:22 a.m., 5 views

MAL-2024-9102 Malicious code in protobufj-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4ed062cce3f1c6c84bfdb6183ed9db3baafed65d7695929d1747b34a9dcdbba8 The OpenSSF Package Analysis project identified 'protobufj-cli' @ 9.1.1 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits: 0
OSV
added 2024/10/04 7:09 a.m., 20 views

BIT-JENKINS-2024-47804

If an attempt is made to create an item of a type prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk,...

CVSS 4.3 | AI score 5.5 | EPSS 0.00684
Exploits: 0 | References: 2
OSV
added 2024/10/02 6:31 p.m., 27 views

GHSA-62JV-J4W7-5HH8 Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the SecretBytes type (e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin) when accessing item config.xml via REST API...

CVSS 5.3 | AI score 7.5 | EPSS 0.00583
Exploits: 0 | References: 2
GitHub Security Blog
added 2024/10/02 6:31 p.m., 29 views

Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the SecretBytes type (e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin) when accessing item config.xml via REST API...

CVSS 7.5 | AI score 6.9 | EPSS 0.00583
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2024/10/02 4:55 p.m., 14 views

CVE-2024-20492 Cisco Expressway Series Privilege Escalation Vulnerability

A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level...

CVSS 6 | EPSS 0.0055
Exploits: 0 | References: 1
CVE
added 2024/10/02 4:53 p.m., 108 views

CVE-2024-20432

Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by CVE-2024-20432 via a REST API and web UI command-injection flaw caused by improper user authorization and insufficient validation of command arguments. A low-privilege, authenticated attacker could submit crafted commands to affected R...

CVSS 9.9 | AI score 9.8 | EPSS 0.0115
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/10/02 4:53 p.m., 22 views

CVE-2024-20432 Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

CVSS 9.9 | AI score 8.2 | EPSS 0.0115
Exploits: 0 | References: 1
NVD
added 2024/10/02 4:15 p.m., 40 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVSS 7.5 | EPSS 0.00583
Exploits: 0 | References: 1
OSV
added 2024/10/02 4:15 p.m., 14 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVSS 7.5 | AI score 7.6
Exploits: 0 | References: 1
CVE
added 2024/10/02 3:35 p.m., 127 views

CVE-2024-47805

CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...

CVSS 7.5 | AI score 7 | EPSS 0.00583
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/10/02 3:35 p.m., 20 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

AI score 7.1 | EPSS 0.00583
Exploits: 0 | References: 1
Cvelist
added 2024/10/02 3:35 p.m., 40 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

EPSS 0.00583
Exploits: 0 | References: 1
OSV
added 2024/10/02 11:28 a.m., 29 views

RHSA-2023:6165 Red Hat Security Advisory: skupper-cli and skupper-router security update

Bulletin has no description...

CVSS 7.5 | AI score 8.5 | EPSS 0.99999
Exploits: 19 | References: 20
Tenable Nessus
added 2024/10/02 12:00 a.m., 15 views

RHEL 8 / 9 : OpenShift Container Platform 4.15.35 (RHSA-2024:7182)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7182 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

CVSS 8.3 | AI score 7.1 | EPSS 0.01279
Exploits: 1 | References: 6
vulnersOsv
added 2024/10/01 6:30 a.m., 4 views

@unete/cli (>=1.0.0-13 <=1.0.0-17), bootcamp-cli (=0.0.1) potentially affected by CVE-2024-21531 via git-shallow-clone (=0.0.2)

git-shallow-clone NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on git-shallow-clone and may be impacted: - @unete/cli =1.0.0-13, =1.0.0-17 - bootcamp-cli =0.0.1 Source cves: CVE-2024-21531 Source advisory: OSV:GHSA-QWRQ-VXVW-537R...

CVSS 5.3 | AI score 5.8 | EPSS 0.00938
Exploits: 0