8009 matches found
SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2543-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2543-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...
CVE-2024-20435
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...
CVE-2024-20435
CVE-2024-20435 affects Cisco Secure Web Appliance (AsyncOS) CLI. The root cause is insufficient input validation in the CLI, allowing an authenticated, local attacker to execute arbitrary commands and elevate to root. The attack requires at least guest credentials and is local, with impact on con...
Cisco Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this...
@ibm/rse-api-for-zowe-cli (>=3.2.2 <=4.1.0), @zowe/zowe-explorer-api (>=2.13.0 <=2.15.0) potentially affected by CVE-2024-6833 via @zowe/cli (>=7.18.0 <=7.23.3)
@zowe/cli NPM version =7.18.0, =3.2.2, =2.13.0, =2.15.0 Source cves: CVE-2024-6833 Source advisory: OSV:GHSA-GHGQ-X6WC-6JR5...
GHSA-GHGQ-X6WC-6JR5 Zowe CLI allows storage of previously entered secure credentials in a plaintext file
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.2.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=7.2.0 <=7.4.5) +407 more potentially affected by CVE-2023-7272 via org.eclipse.parsson:parsson (>=1.0.0 <=1.0.3)
org.eclipse.parsson:parsson MAVEN version =1.0.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =1.0, =0.3.8, =0.3.0, =0.2.3, =1.1.0, =1.2.0 and more Source cves: CVE-2023-7272 Source advisory: OSV:GHSA-2RWM-XV5J-777P...
CVE-2024-6833
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6833 Zowe CLI Auto-Init Leaks Credentials Locally
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6833
CVE-2024-6833 affects Zowe CLI. A local, privileged attacker can exploit an auto-init operation to cause credentials entered by a user to be written to a plaintext file, exposing sensitive information. The vulnerability is described as a credentials exposure via insecure storage in the auto-init ...
PT-2024-37892 · Zowe Cli · Zowe Cli
Name of the Vulnerable Software and Affected Versions: Zowe CLI affected versions not specified Description: A local, privileged actor can store previously entered secure credentials in a plaintext file as part of an auto-init operation. Recommendations: At the moment, there is no information abo...
RHEL 8 / 9 : OpenShift Container Platform 4.13.45 (RHSA-2024:4486)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4486 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
How to Reattach a Forgotten Integrated StorageLink (iSL) Storage Repository
This article describes how to reattach a forgotten Integrated StorageLink (iSL) Storage Repository (SR). Requirements: CLI access to XenServer master host, XenCenter Access...
CVE-2024-39536
A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication...
CVE-2024-39548 Junos OS Evolved: Receipt of specific packets in the aftmand process will lead to a memory leak
An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be...
CVE-2024-39548
CVE-2024-39548 describes an Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved. An unauthenticated, network-based attacker can cause memory consumption leading to a Denial of Service; affected systems do not recover automatically and requir...