
8012 matches found

FreeBSD
added 2024/04/17 12:0 a.m., 85 views

jenkins -- Terrapin SSH vulnerability in Jenkins CLI client

Jenkins Security Advisory: Description Medium SECURITY-3386 / CVE-2023-48795 Terrapin SSH vulnerability in Jenkins CLI client...

CVSS 5.9, AI score 7.2, EPSS 0.93305
Exploits 4, References 1

OSV
added 2024/04/16 8:15 p.m., 2 views

CVE-2024-30378

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The...

CVSS 6.9, AI score 6
Exploits 0, References 2

CVE
added 2024/04/16 8:3 p.m., 101 views

CVE-2024-30378

This CVE describes a Use After Free in the MX Series bbe-smgd daemon of Junos OS during certain CLI commands, causing the broadband edge service manager to crash and restart (DoS). Affected software: Junos OS on MX Series with GRES and Subscriber Management enabled. Root cause: writing into an mg...

CVSS 6.9, AI score 7, EPSS 0.00179
Exploits 0, References 2, Affected Software 1

The Hacker News
added 2024/04/16 1:26 p.m., 39 views

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some...

CVSS 8.6, AI score 7.1, EPSS 0.21542
Exploits 0

Veracode
added 2024/04/16 11:32 a.m., 19 views

Privilege Escalation

Amazon AWS Amplify CLI is vulnerable to Privilege Escalation. The vulnerability is due to the mishandling of role trust policies when the Authentication component is removed, leaving "Effect":"Allow" in place without conditions, thus exposing sts:AssumeRoleWithWebIdentity to potential misuse...

CVSS 9.8, AI score 6.8, EPSS 0.01665
Exploits 2, References 6, Affected Software 2

OSV
added 2024/04/15 6:30 p.m., 17 views

GHSA-846G-P7HM-F54R AWS Amplify CLI has incorrect trust policy management

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

CVSS 9.8, AI score 9.5, EPSS 0.01665
Exploits 2, References 7

Github Security Blog
added 2024/04/15 6:30 p.m., 23 views

AWS Amplify CLI has incorrect trust policy management

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

CVSS 9.8, AI score 7.1, EPSS 0.01665
Exploits 2, References 7, Affected Software 1

NVD
added 2024/04/15 6:15 p.m., 22 views

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

CVSS 9.8, AI score 6.5, EPSS 0.01665
Exploits 2, References 5

OSV
added 2024/04/15 6:15 p.m., 23 views

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

CVSS 9.8, AI score 6.5
Exploits 0, References 5

Positive Technologies
added 2024/04/15 12:0 a.m., 8 views

PT-2024-22240 · Amazon · Amazon Aws Amplify Cli

Name of the Vulnerable Software and Affected Versions: Amazon AWS Amplify CLI versions prior to 12.10.1 Description: The issue arises when the Authentication component is removed from an Amplify project, resulting in the removal of a Condition property but leaving "Effect":"Allow" present. This...

CVSS 9.8, AI score 9.1, EPSS 0.01665
Exploits 2, References 17

Cvelist
added 2024/04/15 12:0 a.m., 26 views

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

AI score 6.7, EPSS 0.01665
Exploits 2, References 5

Tenable Nessus
added 2024/04/13 12:0 a.m., 21 views

Siemens Scalance W1750D Improper Input Validation (CVE-2023-45620)

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point. This plugin only works with Tenable.ot. Please visi...

CVSS 9.8, AI score 6.9, EPSS 0.02132
Exploits 0, References 4

Tenable Nessus
added 2024/04/13 12:0 a.m., 41 views

Siemens Scalance W1750D Improper Input Validation (CVE-2023-45617)

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

CVSS 9.8, AI score 7.1, EPSS 0.02132
Exploits 0, References 4

Tenable Nessus
added 2024/04/13 12:0 a.m., 80 views

Siemens Scalance W1750D Improper Input Validation (CVE-2023-45627)

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. This plugin only works with Tenable.ot. Please visit...

CVSS 9.8, AI score 6.9, EPSS 0.02132
Exploits 0, References 4

Tenable Nessus
added 2024/04/13 12:0 a.m., 72 views

Siemens Scalance W1750D Buffer Copy without Checking Size of Input (CVE-2023-45614)

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port 8211. Successful exploitation of these vulnerabilities resul...

CVSS 9.8, AI score 8.1, EPSS 0.02132
Exploits 0, References 4

NVD
added 2024/04/12 4:15 p.m., 13 views

CVE-2024-30384

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash wi...

CVSS 6.8, AI score 5.4, EPSS 0.00168
Exploits 0, References 2

Vulnrichment
added 2024/04/12 3:22 p.m., 10 views

CVE-2024-30384 Junos OS: EX4300 Series: If a specific CLI command is issued PFE crashes will occur

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash wi...

CVSS 6.8, AI score 6.7, EPSS 0.00168
Exploits 0, References 2

Cvelist
added 2024/04/12 3:22 p.m., 19 views

CVE-2024-30384 Junos OS: EX4300 Series: If a specific CLI command is issued PFE crashes will occur

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash wi...

CVSS 6.8, AI score 5.7, EPSS 0.00168
Exploits 0, References 2

OSV
added 2024/04/10 5:15 p.m., 8 views

GHSA-J5VM-7QCC-2WWG Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see 3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has be...

CVSS 2, AI score 5.8
Exploits 0, References 4

Github Security Blog
added 2024/04/10 5:15 p.m., 18 views

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see 3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has be...

AI score 5.3
Exploits 0, References 4, Affected Software 1