RHEL 8 : Release of openshift-serverless-clients kn 1.33.1 security updates (Moderate) (RHSA-2024:4867)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4867 advisory. Red Hat OpenShift Serverless Client kn 1.33.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.33.1. The kn CLI is delivered as an RPM...
RHEL 8 / 9 : OpenShift Container Platform 4.15.23 (RHSA-2024:4702)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4702 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
CVE-2024-41136
CVE-2024-41136 affects HPE Aruba Networking EdgeConnect SD-WAN gateways; the issue is an authenticated command injection in the device’s Command Line Interface that can lead to arbitrary command execution as a privileged user on the underlying OS. Multiple connected sources corroborate an authent...
PT-2024-29286 · Hewlett Packard · HPE Aruba Networking EdgeConnect SD-WAN Gateway
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN gateway (affected versions not specified). Description: A vulnerability exists in the Command Line Interface of the HPE Aruba Networking EdgeConnect SD-WAN gateway, allowing remote authenticated users to r...
PT-2024-29287 · Hewlett Packard · HPE Aruba Networking EdgeConnect SD-WAN Gateway
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN gateway (affected versions not specified). Description: A vulnerability exists in the Command Line Interface of the HPE Aruba Networking EdgeConnect SD-WAN gateway, allowing remote authenticated users to r...
CBL Mariner 2.0 Security Update: cf-cli / cri-o / gh / libcontainers-common (CVE-2021-43565)
The version of cf-cli / cri-o / gh / libcontainers-common installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-43565 advisory. - The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of...
CVE-2021-43565 affecting package cf-cli for versions less than 8.4.0-18
CVE-2021-43565 affecting package cf-cli for versions less than 8.4.0-18. A patched version of the package is available...
CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15
CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15. A patched version of the package is available...
GHSA-HCMV-JMQH-FJGM ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Summary: The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Summary: The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...
CVE-2024-41129
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processi...
CVE-2024-41129 The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processi...
CVE-2024-41129
The CVE-2024-41129 issue affects the ops library (Python framework used with Juju charms) where secret content can be passed as a CLI argument, potentially exposing secrets via subprocess.CalledProcessError logging. Connected Red Hat, Veracode, OSV, and CVE records confirm the root cause and indi...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2024-673)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-673 advisory. Memory handling issue in editcap could cause denial of service via crafted capture file (CVE-2024-4853). MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14,...
CVE-2024-41124
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. APIURLS is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by...
CVE-2024-6916
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
CVE-2024-6916 Zowe CLI --show-inputs-only displays securely stored properties
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
CVE-2024-6916
CVE-2024-6916 affects the Zowe CLI, where a local, privileged actor can display securely stored properties in cleartext in a terminal by using the --show-inputs-only flag. The vulnerability is introduced in the CLI’s handling of inputs and exposes secrets that should remain confidential. Reported...
Credentials Exposure
Zowe CLI is vulnerable to a credentials exposure. The vulnerability is due to insecure storage of credentials in the Zowe CLI's auto-init operation, allowing attackers to access and potentially misuse sensitive information stored in a plaintext file...