
8014 matches found

OSV
added 2022/12/12 1:15 p.m. | 1 view

CVE-2022-37898

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

7.2 CVSS | 6.1 AI score | 0.01428 EPSS
Exploits: 0 | References: 1

Prion
added 2022/12/12 1:15 p.m. | 20 views

Design/Logic Flaw

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

5.8 CVSS | 7.2 AI score | 0.01365 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/12/12 1:15 p.m. | 25 views

Buffer overflow

A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system...

4 CVSS | 6.7 AI score | 0.00569 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Vulnrichment
added 2022/12/12 12:00 a.m. | 3 views

CVE-2022-46908

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

6.9 AI score | 0.00457 EPSS
Exploits: 1 | References: 5

UbuntuCve
added 2022/12/12 12:00 a.m. | 38 views

CVE-2022-46908

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

7.3 CVSS | 7 AI score | 0.00457 EPSS
Exploits: 1 | References: 4

CVE
added 2022/12/12 12:00 a.m. | 270 views

CVE-2022-46908

CVE-2022-46908 affects SQLite up to version 3.40.0 and stems from improper handling of azProhibitedFunctions when using --safe for untrusted CLI scripts, allowing UDFs like WRITEFILE. Multiple connected advisories confirm impact across Linux distros (e.g., Alpine, Mariner) and provide patch guida...

7.3 CVSS | 7.2 AI score | 0.00457 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Debian CVE
added 2022/12/12 12:00 a.m. | 53 views

CVE-2022-46908

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

7.3 CVSS | 6.6 AI score | 0.00457 EPSS
Exploits: 1

OSV
added 2022/12/08 8:15 p.m. | 7 views

AZL-33617 CVE-2022-41717 affecting package moby-cli for versions less than 24.0.9-1

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

5.3 CVSS | 6.7 AI score | 0.05623 EPSS
Exploits: 0 | References: 1

vulnersOsv
added 2022/12/06 9:30 p.m. | 4 views

aqtinstall (=0.9.8), brevettiai (>=0.5.4 <=0.8.5) +19 more potentially affected by CVE-2022-44900 via py7zr (>=0.10.2 <=0.18.5)

py7zr PYPI version =0.10.2, =0.5.4, =0.1.0, =1.1.1.dev1, =1.2.0, =1.1.6, =0.1.0, =1.0.0, =1.1.1, =0.2.6, =2.0.0, =0.2.8, =4.6.0.dev1 and more Source cves: CVE-2022-44900 Source advisory: OSV:GHSA-M8XW-9X5X-6VH3...

9.1 CVSS | 7.7 AI score | 0.02242 EPSS
Exploits: 3

vulnersOsv
added 2022/12/06 8:15 p.m. | 1 view

aqtinstall (=0.9.8), brevettiai (>=0.5.4 <=0.8.5) +19 more potentially affected by CVE-2022-44900 via py7zr (>=0.10.2 <=0.18.5)

py7zr PYPI version =0.10.2, =0.5.4, =0.1.0, =1.1.1.dev1, =1.2.0, =1.1.6, =0.1.0, =1.0.0, =1.1.1, =0.2.6, =2.0.0, =0.2.8, =4.6.0.dev1 and more Source cves: CVE-2022-44900 Source advisory: OSV:PYSEC-2022-42998...

9.1 CVSS | 7.2 AI score | 0.02242 EPSS
Exploits: 3

vulnersOsv
added 2022/12/05 3:13 p.m. | 2 views

yio-cli (=1.0.0) potentially affected by CVE-2023-26128 via keep-module-latest (=1.0.1)

keep-module-latest NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keep-module-latest and may be impacted: - yio-cli =1.0.0 Source cves: CVE-2023-26128 Source advisory: SNYK:JS-KEEPMODULELATEST-3157165...

8.4 CVSS | 7.1 AI score | 0.01188 EPSS
Exploits: 1

vulnersOsv
added 2022/12/05 2:44 p.m. | 4 views

grunt-yellowlabtools (>=0.0.1 <=1.2.1), install-is (>=1.4.0 <=1.4.2) +3 more potentially affected by CVE-2022-25906 via is-http2 (>=1.0.4 <=1.2.0)

is-http2 NPM version =1.0.4, =0.0.1, =1.4.0, =1.0.0, =1.10.0, =1.13.4 Source cves: CVE-2022-25906 Source advisory: SNYK:JS-ISHTTP2-3153878...

7.8 CVSS | 7.1 AI score | 0.01055 EPSS
Exploits: 1

CVE
added 2022/12/01 12:00 a.m. | 50 views

CVE-2022-42718

The CVE-2022-42718 entry concerns NI LabVIEW Command Line Interface (CLI). The root issue is incorrect default permissions in the installation folder, which may allow an authenticated local user to escalate privileges. Impact is a local privilege-escalation risk with high severity (CVE reported w...

7.8 CVSS | 7.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/11/30 7:32 p.m. | 23 views

CVE-2022-44532

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect...

4.9 CVSS | 6.7 AI score | 0.00703 EPSS
Exploits: 0 | References: 1

CVE
added 2022/11/30 7:32 p.m. | 60 views

CVE-2022-44532

CVE-2022-44532 describes an authenticated path traversal in the Aruba EdgeConnect Enterprise CLI that allows reading arbitrary files on the underlying OS. Affected software (ECOS) includes versions ECOS 9.2.1.0 and below; 9.1.3.0 and below; 9.0.7.0 and below; 8.3.7.1 and below. The vulnerability ...

6.5 CVSS | 6.4 AI score | 0.00703 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/11/30 7:27 p.m. | 62 views

CVE-2022-43541

CVE-2022-43541 affects Aruba EdgeConnect Enterprise Software via the built-in command line interface. The vulnerability allows remote authenticated users to execute arbitrary commands as root on the underlying OS, potentially leading to complete system compromise. Affected software and versions a...

7.2 CVSS | 7.3 AI score | 0.01525 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/11/30 7:16 p.m. | 63 views

CVE-2022-37923

The CVE-2022-37923 issue affects Aruba EdgeConnect Enterprise Software, specifically the EdgeConnect Enterprise command line interface. The vulnerability enables remote authenticated users to execute arbitrary commands with root privileges on the underlying OS, potentially resulting in complete s...

7.2 CVSS | 7.3 AI score | 0.01365 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/11/30 7:15 p.m. | 74 views

CVE-2022-37922

CVE-2022-37922 affects Aruba EdgeConnect Enterprise Software via the EdgeConnect CLI. The vulnerability allows remote authenticated users to execute arbitrary commands on the underlying host with root privileges, potentially leading to complete system compromise. Affected versions include ECOS 9....

7.2 CVSS | 7.3 AI score | 0.01365 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/11/30 7:08 p.m. | 53 views

CVE-2022-37920

CVE-2022-37920 affects Aruba EdgeConnect Enterprise Software (ECOS) prior to 9.2.1.0, 9.1.3.0, 9.0.7.0, and 8.3.7.1. The vulnerability exists in the command line interface and allows remote authenticated users to execute arbitrary commands on the underlying host with root privileges, potentially ...

7.2 CVSS | 7.3 AI score | 0.01365 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

vulnersOsv
added 2022/11/30 3:30 p.m. | 4 views

@adobe/git-server (>=1.0.1 <=1.0.5), @adobe/helix-cli (>=5.7.7 <=6.1.0) +34 more potentially affected by CVE-2022-22984 via @snyk/snyk-cocoapods-plugin (>=1.0.2 <=2.5.2)

@snyk/snyk-cocoapods-plugin NPM version =1.0.2, =1.0.1, =5.7.7, =2.16.1, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.5.8, =3.2.4, =0.0.2, =0.0.8, =0.2.0, =1.20.0-alpha.11736.3, =1.24.0-alpha.1 and more Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...

6.3 CVSS | 6.6 AI score | 0.03007 EPSS
Exploits: 1