8022 matches found
CVE-2023-27993
A relative path traversal (CWE-23) in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands...
FortiADC - Path traversal vulnerability in CLI
A relative path traversal vulnerability (CWE-23) in FortiADC may allow a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.39 bug fix and security update
Red Hat OpenShift Container Platform release 4.11.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...
Malicious code in webpack-cli.legacy (npm)
Source: ossf-package-analysis (22737261df7f74819a3f3f968e6516db5e37f6621827d6148b290f7650b9992f). The OpenSSF Package Analysis project identified 'webpack-cli.legacy' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
CVE-2023-22924
A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device...
Buffer overflow
A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device...
CVE-2023-29058
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions...
Code injection
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions...
PortEx - Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...
CVE-2023-2273 Rapid7 Insight Agent Directory Traversal
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...
Command injection
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...
CVE-2023-27991
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...
CVE-2023-27991
Zyxel vulnerability CVE-2023-27991 is a post-authentication command injection in the CLI of Zyxel firewall devices (ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, ZyWALL/USG) that could let an authenticated attacker execute OS commands remotely. Affected firmware ranges include ATP 4.32–5.35, ...
assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +113 more potentially affected by CVE-2023-30624 via wasmtime (>=0.10.0 <=5.0.1)
wasmtime CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.0.1, =0.0.1, =0.5.5 and more Source cves: CVE-2023-30624 Source advisory: OSV:RUSTSEC-2023-0092...
Fedora: Security Advisory for golang-github-cli-crypto (FEDORA-2023-cb20f08a4e)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-cli-gh (FEDORA-2023-cb20f08a4e)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-cli-oauth (FEDORA-2023-cb20f08a4e)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: golang-github-cli-crypto-0-0.2.20230331git6be313f.fc37
GitHub's golang-crypto fork required for gh...
Cisco SD-WAN vManage Software Arbitrary File Deletion Vulnerability
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could...