8014 matches found
@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)
fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...
CVE-2022-37911
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of...
CVE-2022-37910
CVE-2022-37910 describes a buffer overflow in the ArubaOS command line interface that can cause a denial of service on affected systems. The vulnerability is documented across multiple feeds (NVD, Red Hat CVE page, NCSC advisories) with ArubaOS CLI identified as the vulnerable component and the r...
CVE-2022-37906
CVE-2022-37906 is an authenticated path-traversal vulnerability in the ArubaOS command line interface. The issue allows an attacker with user-level access to delete arbitrary files on the underlying operating system by abusing CLI paths. Multiple sources confirm ArubaOS CLI exposure and the impac...
CVE-2022-37900
CVE-2022-37900 describes authenticated command-injection vulnerabilities in the ArubaOS command-line interface. Exploitation could allow arbitrary commands to be executed with privileged OS rights. Affected software is ArubaOS (Aruba Mobility Controllers/Mobility Access Switches) with the vulnera...
CVE-2022-37899
CVE-2022-37899 describes authenticated command injection in ArubaOS CLI, allowing execution of arbitrary commands with privileged OS access. Multiple feeds (NVD, Red Hat, CNNVD, PRION, etc.) corroborate ArubaOS as the affected software and a command-injection class vulnerability; some sources not...
PT-2022-24146 · Hewlett Packard · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS (affected versions not specified). Description: The issue is due to improper restrictions on XML entities, which leads to multiple vulnerabilities in the command line interface. A successful exploit could allow an authenticated attacker ...
@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-39381 via hummus (>=1.0.104 <=1.0.110)
hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-39381 Source advisory: OSV:GHSA-RCRX-FPJP-MFRW...
CVE-2022-38372
A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...
CVE-2022-26119
An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
Command injection
A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...
Authentication flaw
An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.39 bug fix and security update
Red Hat OpenShift Container Platform release 4.10.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
CVE-2022-26119
Affected software : Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability : Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...
CVE-2022-38372
FortiTester CLI contains a hidden functionality vulnerability (CWE-1242) that can allow a local, privileged user to obtain a root shell via an undocumented command. Affected versions are FortiTester CLI 2.3.0–3.9.1, 4.0.0–4.2.0, and 7.0.0–7.1.0. Red Hat and other sources reference the same issue,...
PT-2022-24395 · Fortinet · Fortitester Cli
Name of the Vulnerable Software and Affected Versions: FortiTester CLI versions 2.3.0 through 3.9.1; FortiTester CLI versions 4.0.0 through 4.2.0; FortiTester CLI versions 7.0.0 through 7.1.0. Description: A hidden functionality issue may allow a local, privileged user to obtain a root shell on the...
FortiTester security vulnerability
FortiTester is a Fortinet professional-based network traffic testing tool from FortiTester, Inc. A security vulnerability exists in FortiTester CLI versions 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0. An attacker could exploit the vulnerability to obtain sensitive informati...