8014 matches found
CVE-2023-4401
Dell SmartFabric Storage Software (Dell) vulnerability CVE-2023-4401: OS command injection in the CLI using the more command affects v1.4 and earlier, enabling root-level access for authenticated users (local/remote). Root cause: command injection via CLI command parsing. Impact: potential full s...
Important: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.1 security update
Red Hat OpenShift Serverless 1.30.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
PT-2023-29065 · Dell · Dell Smartfabric Storage
Name of the Vulnerable Software and Affected Versions: Dell SmartFabric Storage Software versions 1.4 and earlier Description: The issue is related to an OS Command Injection Vulnerability in the CLI use of the more command. A local or remote authenticated attacker could potentially exploit this...
CVE-2023-20235
The CVE-2023-20235 issue affects Cisco IOS XE IOS IOx application hosting workflow. It arises because Docker containers using the privileged runtime option are not blocked when in development mode, enabling an authenticated, remote attacker to access the underlying operating system as root via th...
[SECURITY] Fedora 37 Update: prrte-2.0.2-5.fc37
PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...
[SECURITY] Fedora 38 Update: prrte-2.0.2-5.fc38
PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...
(0Day) D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The issue...
PT-2023-5700 · D Link · D-Link Dap-2622
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622 Description: This issue involves a command injection flaw within the Telnet CLI service, listening on TCP port 23, of the D-Link DAP-2622. The flaw stems from insufficient validation of user-supplied strings before they are us...
[SECURITY] Fedora 39 Update: prrte-2.0.2-5.fc39
PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...
Remote code execution
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provid...
CVE-2023-43651 Remote code execution on the host system via MongoDB shell in jumpserver
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provid...
CVE-2023-20231
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...
CVE-2023-20253
A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to...
Input validation
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...
Authorization
A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to...