
8014 matches found

vulnersOsv
added 2022/11/30 3:30 p.m. | 3 views

@adobe/git-server (>=0.9.17 <=1.0.0), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=5.7.6) +34 more potentially affected by CVE-2022-22984 via snyk-python-plugin (>=1.0.0 <=1.24.0)

snyk-python-plugin NPM version =1.0.0, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.0.70, =0.5.8, =3.2.4, =0.0.2, =0.0.11, =1.0.1 - @ericblade/quagga2-redux-middleware =1.0.1 and more Source cves: CVE-2022-22984 Source advisory:...

6.3 CVSS | 6.6 AI score | 0.03007 EPSS
Exploits 1

vulnersOsv
added 2022/11/30 3:30 p.m. | 4 views

@adobe/helix-cli (>=0.10.6 <=2.5.4), @baivoom/ngx-barcode-scanner (>=0.0.4 <=0.0.6) +58 more potentially affected by CVE-2022-22984 via snyk-sbt-plugin (>=1.0.2 <=2.15.0)

snyk-sbt-plugin NPM version =1.0.2, =0.10.6, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.5.8, =3.2.4, =0.0.2, =0.0.17, =0.2.2, =1.20.0-alpha.11736.3, =2.3.5, =2.6.4 and more Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...

6.3 CVSS | 6.6 AI score | 0.03007 EPSS
Exploits 1

OSV
added 2022/11/30 1:15 p.m. | 14 views

CVE-2022-22984

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

6.3 CVSS | 8.3 AI score
Exploits 0 | References 17

NVD
added 2022/11/30 1:15 p.m. | 30 views

CVE-2022-22984

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

6.3 CVSS | 0.03007 EPSS
Exploits 1 | References 17

OSV
added 2022/11/30 1:15 p.m. | 29 views

CVE-2022-24441

The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

8.8 CVSS | 7.8 AI score
Exploits 0 | References 7

CNNVD
added 2022/11/30 12:00 a.m. | 3 views

Snyk CLI Operating System Command Injection Vulnerability

Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in your project. Snyk CLI before 1.1064.0, snyk-mvn-plugin before 2.31.3, snyk-gradle-plugin before 3.24.5, snyk-cocoapods-plugin before 2.5.3, snyk-sbt-plugin before 2.16.2 versions, snyk-python-plugin befor...

6.3 CVSS | 7.4 AI score | 0.03007 EPSS
Exploits 1 | References 19

Cvelist
added 2022/11/30 12:00 a.m. | 23 views

CVE-2022-22984 Command Injection

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

5 CVSS | 7.7 AI score | 0.03007 EPSS
Exploits 1 | References 17

CNNVD
added 2022/11/30 12:00 a.m. | 3 views

Snyk CLI Operating System Command Injection Vulnerability

Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in projects. An operating system command injection vulnerability exists in versions of Snyk CLI prior to 1.1064.0. An attacker could exploit this vulnerability to execute arbitrary code...

8.8 CVSS | 8.7 AI score | 0.00718 EPSS
Exploits 1 | References 8

Cvelist
added 2022/11/30 12:00 a.m. | 25 views

CVE-2022-24441 Code Injection

The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

5.8 CVSS | 7.4 AI score | 0.00718 EPSS
Exploits 1 | References 7

CVE
added 2022/11/30 12:00 a.m. | 90 views

CVE-2022-24441

CVE-2022-24441 relates to a code injection flaw in Snyk when analyzing a project. According to the provided description, snyk before 1.1064.0 can be leveraged by convincing a user to scan a malicious project, including commands in build files (e.g., build.gradle or gradle-wrapper.jar), which will...

8.8 CVSS | 6.5 AI score | 0.00718 EPSS
Exploits 1 | References 7 | Affected Software 3

NVD
added 2022/11/25 7:15 p.m. | 25 views

CVE-2022-39334

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or...

4.7 CVSS | 0.00194 EPSS
Exploits 1 | References 5

UbuntuCve
added 2022/11/25 7:15 p.m. | 26 views

CVE-2022-39334

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or...

4.7 CVSS | 5.9 AI score | 0.00194 EPSS
Exploits 1 | References 5

Cvelist
added 2022/11/25 12:00 a.m. | 22 views

CVE-2022-39334 nextcloudcmd incorrectly trusts bad TLS certificates

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or...

3.9 CVSS | 5.2 AI score | 0.00194 EPSS
Exploits 1 | References 4

CVE
added 2022/11/25 12:00 a.m. | 81 views

CVE-2022-39334

CVE-2022-39334 affects the Nextcloud CLI tool nextcloudcmd (not the GUI/server). The vulnerability arises because nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, enabling a local attacker to perform a MITM to exfiltrate data or credentials. Affected versions are befo...

4.7 CVSS | 4.6 AI score | 0.00194 EPSS
Exploits 1 | References 5 | Affected Software 1

OSV
added 2022/11/25 12:00 a.m. | 17 views

CVE-2022-39334 nextcloudcmd incorrectly trusts bad TLS certificates

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or...

3.9 CVSS | 4.5 AI score | 0.00194 EPSS
Exploits 1 | References 7

RedHat Linux
added 2022/11/23 5:59 p.m. | 5 views

Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.9.52 packages update

Red Hat OpenShift Container Platform release 4.9.52 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...

8.1 CVSS | 6.4 AI score | 0.76722 EPSS
Exploits 0 | References 1

Cvelist
added 2022/11/23 12:00 a.m. | 47 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4 CVSS | 8.5 AI score | 0.00301 EPSS
Exploits 1 | References 6

Debian CVE
added 2022/11/23 12:00 a.m. | 26 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4 CVSS | 7.1 AI score | 0.00301 EPSS
Exploits 1

Tenable Nessus
added 2022/11/22 12:00 a.m. | 32 views

Oracle Linux 9 : runc (ELSA-2022-8090)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-8090 advisory. 4:1.1.4-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: 2061316 Tenable has extracted the preceding description block direct...

7.8 CVSS | 7.4 AI score | 0.00386 EPSS
Exploits 0 | References 2

vulnersOsv
added 2022/11/21 10:28 p.m. | 3 views

@falkor/falkor-auth-server (=1.1.1), @figedi/sentry-fastify (=1.0.6) +6 more potentially affected by CVE-2022-41919 via fastify (>=4.0.2 <=4.10.0)

fastify NPM version =4.0.2, =0.0.2, =0.0.16 - verdaccio =6.0.0-6-next.52 Source cves: CVE-2022-41919 Source advisory: OSV:GHSA-3FJJ-P79J-C9HH...

8.8 CVSS | 7.2 AI score | 0.00369 EPSS
Exploits 0