8014 matches found
CVE-2024-20262
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to...
CVE-2024-20262
CVE-2024-20262 affects Cisco IOS XR Software SCP/SFTP CLI handling. The issue is a lack of validation of SCP and SFTP CLI input parameters, enabling an authenticated, local attacker to create or overwrite files in a system directory and cause a DoS. Exploitation requires a local user with valid c...
Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to...
USN-6693-1: .NET vulnerability
It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service...
Fedora: Security Advisory (FEDORA-2024-cafa04a149)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: exercism-3.3.0-1.fc39
Exercism provides a way to do the problems on https://exercism.io. This CLI ships as a binary with no additional run-time requirements. This means that if you're doing the Haskell problems on exercism you don't need a working Python or Ruby environment simply to fetch and submit exercises...
AZL-35840 CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35879 CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-16
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
Fedora: Security Advisory for java-jd-decompiler (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Fedora: Security Advisory for apache-commons-cli (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Cisco FXOS Software Link Layer Discovery Protocol DoS (cisco-sa-nxos-lldp-dos-z7PncTgt)
According to its self-reported version, Cisco FXOS is affected by a vulnerability. The vulnerability lies in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device...
[SECURITY] Fedora 40 Update: apache-commons-cli-1.6.0-5.fc40
The CLI library provides a simple and easy to use API for working with the command line arguments and options...
ardaku (=0.1.0), argon (=0.1.0) +11 more potentially affected by CVE-2024-28123 via wasmi (>=0.19.0 <=0.30.0)
wasmi CARGO version =0.19.0, =0.4.0, =0.2.3, =0.2.3, =0.2.3, =0.1.0, =0.30.0 - wright =0.7.0 Source cves: CVE-2024-28123 Source advisory: OSV:GHSA-75JP-VQ8X-H4CQ...
Input validation
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration...
CVE-2023-42662 JFrog Artifactory Improper SSO Mechanism may lead to Exposure of Access Tokens
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration...
Cypress Solutions CTM-200 Security Vulnerability
The Cypress Solutions CTM-200 is a wireless gateway from Cypress Solutions. A security vulnerability exists in Cypress Solutions CTM-200 v2.7.1.5600 and earlier versions that stems from an operating system command injection vulnerability via the clitext parameter...
BIT-TENSORFLOW-2021-41228 Code injection in `saved_model_cli`
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given...
BIT-SILVERSTRIPE-2020-6164
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to...
BIT-SQLITE-2022-46908
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...
BIT-RABBITMQ-2021-32718 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...