CVE-2024-39556
Summary of CVE-2024-39556 : A stack-based buffer overflow vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker with CLI access to load a crafted certificate via the set security certificates command, potentially crashing the command management da...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.21 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
@persistr/cli (>=2.7.1 <=2.9.1), spidersharkcli (>=0.0.4 <=0.0.8) potentially affected by CVE-2024-21524 via node-stringbuilder (=2.2.7)
node-stringbuilder NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on node-stringbuilder and may be impacted: - @persistr/cli >=2.7.1 <=2.9.1 - spidersharkcli >=0.0.4 <=0.0.8 Source cves: CVE-2024-21524 Source advisory: OSV:GHSA-G533-XQ5W-JMF3...
PT-2024-5354 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Junos OS Evolved versions 22.3-EVO before 22.3R2-EVO; Junos OS Evolved versions 22.4-EVO before 22.4R1-S1-EVO, 22.4R2-EVO. Description: An Improper Neutralization of Special Elements issue in Juniper Networks Junos OS Evolved commands allows a...
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configurati...
Siemens RUGGEDCOM APE 1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Metasploit Weekly Wrap-Up 07/05/2024
I still like to MOVEit MOVEit. This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in the MOVEit Transfer SFTP service, CVE-2024-5806. It is possible to authenticate to the SFTP service as any user as long as a valid username is known a...
Azure CLI Credentials Gatherer
This module will collect the Azure CLI 2.0+ az cli settings files for all users on a given target. These configuration files contain JWT tokens used to authenticate users and other subscription information. Once tokens are stolen from one host, they can be used to impersonate the user from a...
Malicious code in cli-pkg-test (npm)
Source: ossf-package-analysis 7a7aae8c7f3c482a70cb9cd90ee7c66cdab49f87aea5f39075c02aef180ad54a The OpenSSF Package Analysis project identified 'cli-pkg-test' @ 4.0.0 npm as malicious. It is considered malicious because: - The package...
airflow-dbt-python (>=0.2.0 <=3.6.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +292 more potentially affected by CVE-2024-40637 via dbt-core (>=0.14.0 <=1.6.13)
dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.11.2 and more Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...
CBL Mariner 2.0 Security Update: python-tqdm (CVE-2024-34062)
The version of python-tqdm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34062 advisory. - tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g...
CBL Mariner 2.0 Security Update: cert-manager / helm / moby-cli / moby-compose / moby-engine (CVE-2023-2253)
The version of cert-manager / helm / moby-cli / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2253 advisory. - A flaw was found in the /v2/catalog endpoint in...
CBL Mariner 2.0 Security Update: docker-compose / moby-engine / docker-buildx / moby-cli (CVE-2024-23653)
The version of docker-compose / moby-engine / docker-buildx / moby-cli installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23653 advisory. - BuildKit is a toolkit for converting source code to build...
Cisco NX-OS Command Injection Vulnerability
Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device...
GO-2024-2912 Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli
Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli...
CVE-2024-20399
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...
CVE-2024-20399 Cisco NX-OS Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...
CVE-2024-20399
Cisco NX-OS Software contains a CLI command injection vulnerability (CVE-2024-20399) that could allow an authenticated administrator to execute arbitrary root commands on the underlying OS. The issue arises from insufficient validation of parameters passed to specific configuration CLI commands, ...