
8014 matches found

SUSE CVE
added 2023/02/15 4:17 a.m., 6 views

SUSE CVE-2019-3800

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

CVSS: 7.8, AI score: 6.6, EPSS: 0.02088, Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 3:37 a.m., 4 views

SUSE CVE-2021-41228

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given...

CVSS: 7.8, AI score: 7.9, EPSS: 0.00208, Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 3:26 a.m., 5 views

SUSE CVE-2022-29216

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's saved_model_cli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00536, Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 3:23 a.m., 4 views

SUSE CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

CVSS: 9.8, AI score: 9.4, EPSS: 0.03207, Exploits: 1, References: 3

vulnersOsv
added 2023/02/14 12:0 p.m., 4 views

GemFetch (>=0.1.3 <=0.1.6), MFEKmath (>=0.1.0 <=0.1.1) +2934 more potentially affected by unknown CVE via safemem (>=0.1.1 <=0.3.3)

safemem CARGO version =0.1.1, =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.8.16, =0.2.0, =0.1.1, =0.1.0, =0.0.6, =0.0.7-alpha.3, =0.0.7-alpha.1, =0.1.0, =0.9.2, =0.9.3 - acme2-slim =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0081...

AI score: 5.5, Exploits: 0

F5 Networks
added 2023/02/10 8:57 p.m., 30 views

K000132492: SQLite vulnerability CVE-2022-46908

Security Advisory Description: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. (CVE-2022-46908) Impact: There is no impact; F5 produc...

CVSS: 7.3, AI score: 6.4, EPSS: 0.00457, Exploits: 1

NVD
added 2023/02/10 12:15 a.m., 19 views

CVE-2022-3568

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including, 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00626, Exploits: 0, References: 5

RedHat Linux
added 2023/02/09 12:49 p.m., 32 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.55 security update

Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whic...

CVSS: 9.8, AI score: 7.2, EPSS: 0.04031, Exploits: 0, References: 2

RedHat Linux
added 2023/02/09 9:28 a.m., 48 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.27.0

Release of OpenShift Serverless Client kn 1.27.0. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...

CVSS: 7.5, AI score: 6.7, EPSS: 0.02513, Exploits: 1, References: 11

CNNVD
added 2023/02/09 12:0 a.m., 2 views

WordPress plugin ImageMagick Engine cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS: 8.8, AI score: 7.7, EPSS: 0.00626, Exploits: 0, References: 6

NVD
added 2023/02/08 8:15 p.m., 12 views

CVE-2023-25164

Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you're on a...

CVSS: 8.6, AI score: 8.3, EPSS: 0.00675, Exploits: 0, References: 2

CVE
added 2023/02/08 7:26 p.m., 55 views

CVE-2023-25164

The CVE-2023-25164 entry concerns Tinacms where sites built with @tinacms/cli >= 1.0.0 and

CVSS: 8.6, AI score: 7.7, EPSS: 0.00675, Exploits: 0, References: 2, Affected Software: 1

OSV
added 2023/02/08 7:26 p.m., 30 views

CVE-2023-25164 Sensitive Information leak via Script File in TinaCMS

Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you're on a...

CVSS: 8.6, AI score: 7.9, EPSS: 0.00675, Exploits: 0, References: 4

GithubExploit
added 2023/02/08 7:30 a.m., 455 views

Exploit for Download of Code Without Integrity Check in Fortinet Fortios

Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00873, Exploits: 2

GithubExploit
added 2023/02/08 7:30 a.m., 577 views

Exploit for Out-of-bounds Read in Adobe Bridge

Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...

CVSS: 7.8, AI score: 6.2, EPSS: 0.02067, Exploits: 2

RedHat Linux
added 2023/02/07 9:22 p.m., 29 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.2 security update

Red Hat OpenShift Container Platform release 4.12.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00415, Exploits: 1, References: 3

Prion
added 2023/02/07 1:15 a.m., 16 views

Design/Logic Flaw

syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The...

CVSS: 5, AI score: 7.5, EPSS: 0.00791, Exploits: 1, References: 2, Affected Software: 1

CVE
added 2023/02/07 12:7 a.m., 54 views

CVE-2023-24827

Syft (CLI + Go library for SBOMs) had a password disclosure vulnerability in v0.69.0–v0.69.1 where SYFT_ATTEST_PASSWORD could leak credentials in logs (DEBUG+ levels) and in attestations/SBOM payloads when using syft-json. The issue affects users who set SYFT_ATTEST_PASSWORD; users without it are...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00791, Exploits: 1, References: 2, Affected Software: 1

OSV
added 2023/02/07 12:7 a.m., 24 views

CVE-2023-24827 Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set in syft

syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The...

CVSS: 6.5, AI score: 7.3, EPSS: 0.00791, Exploits: 1, References: 4

Cvelist
added 2023/02/07 12:0 a.m., 30 views

CVE-2022-38547

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which...

CVSS: 7.2, AI score: 7.3, EPSS: 0.02806, Exploits: 0, References: 1