8022 matches found
@broadcom/mat-analyze-for-zowe-cli (=2.0.1), @broadcom/test4z (=2.0.0) +4 more potentially affected by CVE-2021-4326 via @zowe/imperative (>=5.0.0 <=5.7.0)
@zowe/imperative NPM version =5.0.0, =1.0.0, =2.0.2, =7.0.0, =2.0.0, =3.0.0-next.202311171754 Source cves: CVE-2021-4326 Source advisory: OSV:GHSA-6Q8M-42QQ-64R7...
GHSA-6Q8M-42QQ-64R7 Imperative CLI vulnerable to Command Injection
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
Imperative CLI vulnerable to Command Injection
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.53 bug fix and security update
Red Hat OpenShift Container Platform release 4.10.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
Malicious Package
Overview webpack-cli.legacy is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
CVE-2023-22771
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account...
CVE-2023-22762
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
CVE-2023-20075
A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
Input validation
A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a...
Design/Logic Flaw
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
Cisco Secure Email Code Issue Vulnerability
Cisco Secure Email, formerly known as Email Security, is a product from Cisco (USA) that provides the best protection for your email from network threats. A security vulnerability exists in Cisco Secure Email Gateway ESA, Cisco Secure Email and Web Manager SMA, which stems from a security iss...
Cisco Secure Email OS Command Injection Vulnerability
Cisco Secure Email, formerly Email Security, is a Cisco product that provides optimal protection for your email from cyber threats. A security vulnerability exists in Cisco Secure Email Gateway that stems from incorrect input validation in the CLI, which can be exploited by an attacker to...
CVE-2023-22774
The CVE-2023-22774 entry concerns an authenticated path traversal vulnerability in ArubaOS CLI that allows deletion of arbitrary files on the underlying OS. Affected component is ArubaOS command line interface; root cause involves path traversal in authenticated context. Impact, as described, inc...
CVE-2023-22773
CVE-2023-22773 involves an authenticated path-traversal vulnerability in ArubaOS CLI. Exploitation enables deletion of arbitrary files on the underlying OS. Affected product: ArubaOS (CLI path likely used by Mobility Controllers/Gateways). Root cause: path-traversal in CLI handling allows access ...
CVE-2023-22771
ArubaOS (CLI) contains an insufficient session expiration vulnerability that allows an attacker to keep a session open after the impacted account is removed. The issue affects ArubaOS Command Line Interface components and is documented as CVE-2023-22771. Impact is described variably across source...
CVE-2023-22770
CVE-2023-22770 affects ArubaOS, specifically the ArubaOS command line interface used in Mobility Controllers/Gateways. Authenticated command injection arises from insufficient input sanitization in the CLI, enabling execution of arbitrary commands as a privileged OS user. The vulnerability has be...
CVE-2023-22769
CVE-2023-22769 affects ArubaOS CLI, enabling authenticated command injection that lets an attacker run arbitrary commands with privileged OS rights. Multiple sources confirm the vulnerability in ArubaOS, with impact described as total compromise to confidentiality, integrity, and availability. Ex...