Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.6 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2024-678)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-678 advisory. The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that...
Amazon Linux 2023 : python3-tqdm (ALAS2023-2024-690)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-690 advisory. tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. --delim, --buf-size, --manpath) are passed through Python's eval, allowing arbitrary code execution. Th...
The vulnerability of the command-line interface (CLI) of the Junos OS Evolved routers from the PTX Series, ACX Series, and QFX Series allows an attacker to elevate their privileges to the root level.
The vulnerability of the command-line interface (CLI) of Junos OS Evolved routers from the PTX Series, ACX Series, and QFX Series exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow attackers to elevate...
The vulnerability of the command-line interface (CLI) of the Junos OS Evolved routers from the PTX Series, ACX Series, and QFX Series allows an attacker to elevate their privileges to the root level.
The vulnerability of the command-line interface (CLI) of Junos OS Evolved routers from the PTX Series, ACX Series, and QFX Series exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow an attacker to elevate...
PT-2024-29995 · Aruba · Aruba Access Point
Name of the Vulnerable Software and Affected Versions: Aruba Access Points (affected versions not specified). Description: Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI...
biscuit-cli (>=0.4.1 <=0.4.2) potentially affected by CVE-2024-41949 +1 more via biscuit-auth (=4.1.1)
biscuit-auth CARGO version =4.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on biscuit-auth and may be impacted: - biscuit-cli =0.4.1, =0.4.2 Source cves: CVE-2024-41949, CVE-2024-42350 Source advisory: OSV:GHSA-P9W4-585H-G3C7...
Elasticsearch stores private key on disk unencrypted
It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.24 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Microsoft Azure VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure VSTS CLI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Azure VSTS CLI. When installed from the Microsoft Container...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 Because of a misconfiguration of a default o...
Malicious code in sumo-py-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6ed9233fda861428b541d5a3188300bb67c877f6998c43e808dc5910b7113b4d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in nifty-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2e94e5fff47d4815f87f6dc9ba29b20022d6022c37e0b32ba9e3df81111eb5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in pd-py-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a736772e9e597e421d82f4148fe6b608acb28b363db608096df90e782cce4af7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-2979 Malicious code in nifty-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2e94e5fff47d4815f87f6dc9ba29b20022d6022c37e0b32ba9e3df81111eb5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-11656 Malicious code in pd-py-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a736772e9e597e421d82f4148fe6b608acb28b363db608096df90e782cce4af7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-9941 Malicious code in appetize-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7f0791abf81cd0c979559b6938727478a6af6e21ceb08371567a9e0347b1e079 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-11715 Malicious code in sumo-py-cli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6ed9233fda861428b541d5a3188300bb67c877f6998c43e808dc5910b7113b4d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Docker Desktop Daemon CLI External Control of File Path Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Moderate: Red Hat Security Advisory: Release of openshift-serverless-clients kn 1.33.1 security update and bug fixes
Red Hat openshift-serverless-clients kn 1.33.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...