CVE-2024-20399 Cisco NX-OS Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...
CVE-2024-20399
Cisco NX-OS Software contains a CLI command injection vulnerability (CVE-2024-20399) that could allow an authenticated administrator to execute arbitrary root commands on the underlying OS. The issue arises from insufficient validation of parameters passed to specific configuration CLI commands, ...
@aofl/cli (>=2.1.0-3.0.0-alpha.0 <=4.0.0-alpha.45), @aofl/cli-lib (>=3.0.0-alpha.3 <=3.0.0-beta.37) +5 more potentially affected by CVE-2024-38987 via @aofl/cli-lib (>=2.1.0-3.0.0-alpha.0 <=4.0.0-alpha.45)
@aofl/cli-lib NPM version =2.1.0-3.0.0-alpha.0, =2.1.0-3.0.0-alpha.0, =3.0.0-alpha.3, =4.0.0-alpha.22, =3.0.0, =3.5.0, =3.0.0-alpha.6, =3.4.1-beta.0, =4.0.0-alpha.45 Source cves: CVE-2024-38987 Source advisory: OSV:GHSA-VG6V-JCG3-5MP7...
@aofl/cli-lib Prototype Pollution vulnerability
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
GHSA-VG6V-JCG3-5MP7 @aofl/cli-lib Prototype Pollution vulnerability
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2024-38987
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2024-38987
CVE-2024-38987 affects aofl cli-lib v3.14.0, where a prototype pollution flaw in the defaultsDeep component enables arbitrary property injection, potentially allowing code execution or DoS. The connected advisories (GHSA and OSV entries) corroborate the same flaw. No specific patches or remediati...
CVE-2024-20399
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...
Debian: Security Advisory (DSA-5717-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1867)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)
The remote host is missing an update for the Huawei EulerOS...
Cisco NX-OS Software CLI Command Injection (cisco-sa-nxos-cmd-injection-xD9OhyOP)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.16.0 security and extras update
Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.31 security update
Red Hat OpenShift Container Platform release 4.14.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
GHSA-XFHP-JF8P-MH5W vulnerabilities
Vulnerabilities for packages: wolfictl, trivy, datadog-agent, trivy-fips, zarf, opentofu, terraform, zot, snyk-cli, terragrunt, conftest-fips, k9s, tfsec, tflint, conftest, kots, grype, datadog-agent-fips, kubescape...
GHSA-XFHP-JF8P-MH5W vulnerabilities
Vulnerabilities for packages: terraform, kots, tflint, snyk-cli, terragrunt, kubescape, zarf, wolfictl, conftest, grype, k9s, datadog-agent, zot, trivy, tfsec...
CVE-2024-6257 vulnerabilities
Vulnerabilities for packages: wolfictl, trivy, datadog-agent, trivy-fips, zarf, opentofu, terraform, zot, snyk-cli, terragrunt, conftest-fips, k9s, tfsec, tflint, conftest, kots, grype, datadog-agent-fips, kubescape...