CVE-2023-45614
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port 8211. Successful exploitation of these vulnerabilities resul...
CVE-2023-45614
Summary of CVE-2023-45614 (Aruba/PAPI). Affected: Aruba devices exposing the PAPI (Aruba Access Point Management Protocol) over UDP port 8211. Vulnerability: Buffer overflow in the underlying CLI service. Impact: Unauthenticated remote code execution with arbitrary code execution as a privileged O...
Patch Tuesday - November 2023
Microsoft is addressing 64 vulnerabilities this November Patch Tuesday, including five zero-day vulnerabilities as well as one critical remote code execution (RCE) vulnerability. Overall, this month sees significantly fewer vulnerabilities addressed across a smaller number of products than has been...
CVE-2023-29177
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities (CWE-120) in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests...
Buffer overflow
Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities (CWE-120) in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests...
CVE-2023-36052
Azure CLI REST Command Information Disclosure Vulnerability...
Information disclosure
Azure CLI REST Command Information Disclosure Vulnerability...
Improper access control
An improper access control vulnerability (CWE-284) in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to superadmin via a specific crafted configuration of fabric...
CVE-2023-36052 Azure CLI REST Command Information Disclosure Vulnerability
...
CVE-2023-36052
CVE-2023-36052 relates to an information-disclosure vulnerability in Azure CLI REST Command within Microsoft Azure. Affected component: Azure CLI REST endpoints; underlying issue is information exposure leading to sensitive data disclosure. CVSS 3.1 score 8.6 (HIGH) with network attack vector and...
Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI
Summary: The Microsoft Security Response Center (MSRC) was made aware of a vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs. The researcher, from Palo Alto Networks Prisma Cloud, found that Azure CLI commands...
Azure CLI REST Command Information Disclosure Vulnerability
...
PT-2023-6965 · Microsoft · Azure Cli
Name of the Vulnerable Software and Affected Versions: Azure CLI versions prior to the fixed version. Description: The issue is related to a lack of protection for service data in the Azure CLI interface, which can be exploited by a remote attacker to gain access to credentials. The estimated numb...
PT-2023-29600 · Hewlett Packard +1 · Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns unauthenticated Denial-of-Service (DoS) vulnerabilities in the CLI service accessed via the PAPI protocol. Successful exploitation allows an attacker to interrupt the...
Aruba Networks ArubaOS and InstantOS Security Vulnerabilities
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS and InstantOS that originates from an authenticated denial of service...
PT-2023-29597 · Aruba · Aruba Access Point
Name of the Vulnerable Software and Affected Versions: Aruba access point, affected versions not specified. Description: The issue concerns arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI, which is Aruba's access point management protocol. Successful exploitation of thes...