Lucene search

8009 matches found

Positive Technologies
added 2024/09/11 12:0 a.m. · 5 views

PT-2024-18650 · Cisco · Cisco IOS XR

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software, affected versions not specified. Description: A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system...

CVSS 5.5 · AI score 6.6 · EPSS 0.00139
Exploits: 0 · References: 8

vulnersOsv
added 2024/09/10 6:30 a.m. · 5 views

@bitrefill/airfill-widget (>=4.2.2 <=4.8.3), @chialab/rna-cli (>=2.2.0 <=4.0.0-beta.22) +94 more potentially affected by CVE-2024-21528 via node-gettext (>=0.1.2 <=3.0.0)

node-gettext NPM version =0.1.2, =4.2.2, =2.2.0, =2.2.0, =0.9.1, =1.1.2, =4.1.0-alpha.1, =0.0.4, =5.2.0-alpha.13, =5.2.0, =1.0.6, =1.0.17, =1.0.3, =4.1.2, =2.0.0, =2.3.1 and more Source cves: CVE-2024-21528 Source advisory: OSV:GHSA-G974-HXVM-X689...

CVSS 5.9 · AI score 6.2 · EPSS 0.00562
Exploits: 0

OpenVAS
added 2024/09/10 12:0 a.m. · 5 views

Fedora: Security Advisory (FEDORA-2023-af8489dc5b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 4

OpenVAS
added 2024/09/10 12:0 a.m. · 14 views

Fedora: Security Advisory (FEDORA-2023-684eb03db0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 · AI score 6.8 · EPSS 0.00843
Exploits: 0 · References: 4

OpenVAS
added 2024/09/10 12:0 a.m. · 7 views

Fedora: Security Advisory (FEDORA-2023-d88521bfc5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.8 · EPSS 0.01111
Exploits: 1 · References: 7

Wolfi
added 2024/09/09 9:31 p.m. · 3 views

GHSA-G4GC-RH26-M3P5 vulnerabilities

Vulnerabilities for packages: keycloak-config-cli...

AI score 7.5
Exploits: 0

Chainguard
added 2024/09/09 9:31 p.m. · 21 views

GHSA-G4GC-RH26-M3P5 vulnerabilities

Vulnerabilities for packages: keycloak-config-cli...

AI score 7.3
Exploits: 0

Chainguard
added 2024/09/09 7:15 p.m. · 26 views

CVE-2024-7318 vulnerabilities

Vulnerabilities for packages: keycloak-config-cli...

CVSS 4.8 · AI score 6.9 · EPSS 0.00393
Exploits: 0

Veracode
added 2024/09/09 4:12 a.m. · 7 views

Path Traversal

Stripe-CLI is vulnerable to path traversal. The vulnerability is due to improper validation of plugin shortnames in the manifest when installing plugins using the --archive-url or --archive-path flags, allowing an attacker to overwrite arbitrary files on the system by exploiting the path traversa...

CVSS 7.5 · AI score 6.7 · EPSS 0.00195
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/09/06 8:43 p.m. · 16 views

GO-2024-3119 Path traversal vulnerability in stripe-cli in github.com/stripe/stripe-cli

Path traversal vulnerability in stripe-cli in github.com/stripe/stripe-cli...

CVSS 7.5 · AI score 7.2 · EPSS 0.00195
Exploits: 0 · References: 2

vulnersOsv
added 2024/09/06 12:0 p.m. · 3 views

amaryllis (=0.1.0), archivist (=0.0.1) +26 more potentially affected by unknown CVE via webp (>=0.1.3 <=0.2.6)

webp CARGO version =0.1.3, =0.1.0, =0.0.4-alpha, =0.24.6, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.21.0, =0.21.0, =0.21.0, =0.21.0, =0.22.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0443...

AI score 5.8
Exploits: 0

NVD
added 2024/09/05 6:15 p.m. · 24 views

CVE-2024-45401

stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...

CVSS 7.5 · EPSS 0.00195
Exploits: 0 · References: 1

Cvelist
added 2024/09/05 5:9 p.m. · 24 views

CVE-2024-45401 stripe-cli Path Traversal vulnerability

stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...

CVSS 7.5 · EPSS 0.00195
Exploits: 0 · References: 1

CVE
added 2024/09/05 5:9 p.m. · 52 views

CVE-2024-45401

Summary: CVE-2024-45401 affects stripe-cli. In versions 1.11.1 up to, but not including, 1.21.3, a plugin package with a manifest containing a malformed plugin shortname installed via --archive-url or --archive-path could overwrite arbitrary files (path traversal). Impact: local file overwrite vi...

CVSS 7.5 · AI score 7.3 · EPSS 0.00195
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/09/05 5:9 p.m. · 9 views

CVE-2024-45401 stripe-cli Path Traversal vulnerability

stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...

CVSS 7.5 · AI score 6.8 · EPSS 0.00195
Exploits: 0 · References: 3

OSV
added 2024/09/05 4:40 p.m. · 11 views

GHSA-FV4G-GWPJ-74GR Path traversal vulnerability in stripe-cli

Impact: A vulnerability exists in stripe-cli versions 1.11.1 and higher where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update addresses the path traversal vulnerability by...

CVSS 7.5 · AI score 7.2 · EPSS 0.00195
Exploits: 0 · References: 3

Github Security Blog
added 2024/09/05 4:40 p.m. · 19 views

Path traversal vulnerability in stripe-cli

Impact: A vulnerability exists in stripe-cli versions 1.11.1 and higher where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update addresses the path traversal vulnerability by...

CVSS 7.5 · AI score 7.5 · EPSS 0.00195
Exploits: 0 · References: 3 · Affected Software: 1

Wordfence Blog
added 2024/09/05 2:31 p.m. · 64 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...

CVSS 10 · AI score 9.5 · EPSS 0.43585
Exploits: 8

CNNVD
added 2024/09/05 12:0 a.m. · 3 views

Stripe CLI Security Vulnerability

Stripe CLI is a command line tool for the Stripe e-commerce platform from Stripe Ireland. A security vulnerability exists in Stripe CLI version 1.11.1 and later versions, which stems from the inclusion of plug-in packages with formatting errors that can overwrite arbitrary files...

CVSS 7.5 · AI score 6.8 · EPSS 0.00195
Exploits: 0 · References: 2

Github Security Blog
added 2024/09/04 5:38 p.m. · 24 views

Nuclei Template Signature Verification Bypass

Summary: A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component: The vulnerability is present in the template signature...

CVSS 7.8 · AI score 7.4 · EPSS 0.01118
Exploits: 0 · References: 5 · Affected Software: 1