8022 matches found
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit...
Cisco Access Point Software Command Injection Vulnerability
A vulnerability in Cisco access points AP software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker...
PT-2023-2217 · Cisco · Cisco Ios Xe Sd-Wan +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE SD-WAN Software (affected versions not specified). Description: The issue is due to insufficient input validation by the system CLI, allowing an authenticated, local attacker to execute arbitrary commands with elevated privileges. A...
Important: aws-nitro-enclaves-cli
Issue Overview: Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks (CVE-2022-31394). Affected Packages: aws-nitro-enclaves-cli. Issue Correction: Run dnf update...
Amazon Linux 2 : aws-nitro-enclaves-cli (ALASNITRO-ENCLAVES-2023-021)
The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.2.2-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2023-021 advisory. Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H...
CBL Mariner 2.0 Security Update: sqlite (CVE-2022-46908)
The version of sqlite installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46908 advisory. - SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly...
Fedora: Security Advisory for pack (FEDORA-2023-0c354a3f9a)
The remote host is missing an update for the...
Fedora: Security Advisory for pack (FEDORA-2023-2df9d60e4c)
The remote host is missing an update for the...
MGASA-2023-0094 Updated sqlite3 packages fix security vulnerability
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908...
[SECURITY] Fedora 36 Update: pack-0.29.0~rc1-1.fc36
pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...
[SECURITY] Fedora 37 Update: pack-0.29.0~rc1-1.fc37
pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...
Fortinet FortiOS - Path Traversal Vulnerability (FG-IR-22-401)
The version of FortiOS installed on the remote host is affected by a path traversal vulnerability. A relative path traversal vulnerability (CWE-23) in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. Not...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.31 bug fix and security update
Red Hat OpenShift Container Platform release 4.11.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...
Fortinet FortiOS Path Traversal Vulnerability
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands...
CVE-2023-0978
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to...
CVE-2023-27903
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...
[SECURITY] Fedora 38 Update: pack-0.29.0~rc1-1.fc38
pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...
Fedora: Security Advisory for pack (FEDORA-2023-5eca6a8326)
The remote host is missing an update for the...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=4.0.0 <=5.6.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (=5.6.5) +127 more potentially affected by CVE-2023-24057 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.r5 (>=0.0.1 <=5.6.105)
ca.uhn.hapi.fhir:org.hl7.fhir.r5 MAVEN version =0.0.1, =4.0.0, =4.1.0, =4.0.3, =4.1.0, =4.0.0, =5.0.0, =4.0.0, =5.3.0, =5.1.0, =5.3.0, =4.0.0, =4.1.0, =4.0.0, =4.0.0, =5.4.0 and more Source cves: CVE-2023-24057, CVE-2023-28465 Source advisory: OSV:GHSA-9654-PR4F-GH6M...
Incorrect Authorization in Jenkins Core
When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and , and LTS prior to 2.387.1 creates this temporary file in the default temporar...