8022 matches found
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.5 security update
Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
Oracle Linux 8 : aardvark-dns (ELSA-2023-12579)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12579 advisory. - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflict with readonlyPaths and/or maskedPaths to...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update
Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...
CVE-2021-43072
A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version...
CVE-2023-36838
An Out-of-bounds Read vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service DoS. If a low privileged user executes a specific CLI command, flowd which is responsible for...
PT-2023-35907 · Git +1 · Clamav
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. The crash occurs in the initialize encryption key function, which is called by cli ole2 extra...
CVE-2023-20210
A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted...
CVE-2023-20210
CVE-2023-20210 affects Cisco BroadWorks. The issue is caused by insufficient input validation in the operating system CLI, enabling an authenticated, local attacker with BroadWorks admin privileges to execute commands as the root user on the affected device. The exploit requires crafting a comman...
MSPM0L1306-HAL (>=0.1.0 <=0.1.6), a4 (>=0.0.1 <=0.0.4) +863 more potentially affected by unknown CVE via atomic-polyfill (=1.0.3)
atomic-polyfill CARGO version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on atomic-polyfill and may be impacted: - MSPM0L1306-HAL =0.1.0, =0.0.1, =0.0.3, =0.23.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.1, =0.5.2 and more...
Command injection
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...
CVE-2023-23777
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...
Stylelint has vulnerability in semver dependency
Summary Our meow dependency which we use for our CLI depended on [email protected] . A vulnerability in this version of semver was recently identified and surfaced by npm audit: Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw Details Original post by the...
snyk Code Injection vulnerability
The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application...
CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users wh...
Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update
Red Hat OpenShift Container Platform release 4.10.63 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
Cisco BroadWorks security vulnerability
Cisco BroadWorks is a carrier-grade unified communications software platform from Cisco. It is used to deploy cloud calls from public network platforms on any type of wired or wireless network architecture. A security vulnerability exists in Cisco BroadWorks that stems from insufficient input...
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform allows an attacker to disclose protected information.
The vulnerability of the command-line interface of the Aruba EdgeConnect Enterprise network management platform is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability can allow a malicious actor to disclose protected information...