8022 matches found
Command injection
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows an attacker to execute arbitrary shell code as root via CLI commands...
@accounter-toolkit/green-invoice-graphql (>=0.0.2 <=0.2.0-alpha-20230313141007-4bdbab6), @accounter-toolkit/hashavshevet-mesh (>=0.0.2 <=0.0.4-alpha-20230313141007-4bdbab6) +10 more potentially affected by CVE-2025-27098 via @graphql-mesh/cli (>=0.78.0 <=0.82.21)
@graphql-mesh/cli NPM version =0.78.0, =0.0.2, =0.0.2, =0.0.2, =0.2.0-alpha.24, =5.1.0-canary.3, =6.0.0-canary.20, =6.0.0-canary.20, =6.0.0-canary.20, =2.2.6, =0.1.147, =0.1.3, =0.1.9, =0.1.10 Source cves: CVE-2025-27098 Source advisory: OSV:GHSA-J2WH-WRV3-4X4G...
CVE-2022-38378
An improper privilege management vulnerability CWE-269 in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section System subsection Administrator Users to modify their own profile a...
CVE-2022-33871
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show...
CVE-2022-33871
CVE-2022-33871 is a stack-based buffer overflow affecting FortiWeb prior to patch versions: 7.0.1 and earlier, 6.4 all versions, and 6.3.19 and earlier. The root cause is a vulnerable handling of CLI commands, namely execute backup-local rename and execute backup-local show, which can let a privi...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.3 security update
Red Hat OpenShift Container Platform release 4.12.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
CVE-2023-20075
The CVE-2023-20075 issue affects Cisco Secure Email Gateway (ESA) / Cisco Email Security Appliance CLI. It stems from improper input validation in the CLI, enabling an authenticated, local attacker to inject operating system commands into a legitimate CLI command and escape the restricted prompt ...
CVE-2023-20075
A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a...
FortiWeb - format string vulnerability in the CLI
A format string vulnerability CWE-134 in the command line interpreter of FortiWeb may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments...
Protect
An improper privilege management vulnerability CWE-269 in FortiOS & FortiProxy may allow an administrator that has access to the admin profile section System subsection Administrator Users to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands...
Intel OneApi Toolkits security vulnerability
Intel OneApi Toolkits is a set of core tools and libraries from Intel, a United States company. It is used to develop high-performance, data-centric applications across different architectures. A security vulnerability exists in Intel(R) oneAPI Toolkits prior to version 0.2.0, which stems from an...
Protect
A relative path traversal vulnerability CWE-23 in FortiOS, FortiProxy, and FortiSwitchManager may allow an authenticated attacker to read and write files on the underlying system via crafted HTTP, HTTPS or CLI requests...
FortiWeb - Buffer overflow in execute backup-local command
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show operations...
FortiWeb - Command injection in CLI backup functionality
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...
FortiWeb - Double free in pipe management
A double free vulnerability CWE-415 in FortiWeb CLI may allow an authenticated, local attacker to achieve arbitrary code execution via specifically crafted commands...
FortiADC - OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiADC may allow an authenticated attacker to execute arbitrary shell code as root via CLI commands...
FortiWeb - Heap based overflow in CLI
A buffer overflow vulnerability CWE-122 in the command line interpreter of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted arguments to existing commands...
PT-2023-12848 · Intel · Oneapi Toolkits Oneapi-Cli
Name of the Vulnerable Software and Affected Versions: oneAPI Toolkits oneapi-cli versions prior to 0.2.0 Description: The issue is related to insecure inherited permissions, which may allow an authenticated user to potentially enable escalation of privilege via local access. Recommendations: For...
SUSE CVE-2005-1922
The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function...