Privilege escalation
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate their privileges to root using the switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”...
Design/Logic Flaw
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with “seccryptocfg”, “configupload”...
Stack overflow
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands...
Information disclosure
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”...
azkm (>=0.1.0 <=0.2.71), azure-knowledgemining-cli (=0.1.0) +3 more potentially affected by CVE-2022-39327 via azure-cli (>=2.0.76 <=2.29.2)
azure-cli PYPI version =2.0.76, =0.1.0, =0.3.1, =0.1.10, =1.0.19 Source cves: CVE-2022-39327 Source advisory: OSV:GHSA-47XC-9RR2-Q7P4...
GHSA-47XC-9RR2-Q7P4 Improper Control of Generation of Code ('Code Injection') in Azure CLI
Description In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. For example: Application X is a web application wi...
CVE-2022-39327
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...
PYSEC-2022-43177
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...
azkm (>=0.1.0 <=0.2.71), azure-knowledgemining-cli (=0.1.0) +3 more potentially affected by CVE-2022-39327 via azure-cli (>=2.0.76 <=2.29.2)
azure-cli PYPI version =2.0.76, =0.1.0, =0.3.1, =0.1.10, =1.0.19 Source cves: CVE-2022-39327 Source advisory: OSV:PYSEC-2022-43177...
Code injection
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...
UBUNTU-CVE-2022-39327
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...
CVE-2022-33182
CVE-2022-33182 is a privilege escalation in Brocade Fabric OS CLI prior to 9.1.0, 9.0.1e, 8.2.3c, or 8.2.0cbn5. A local authenticated user could escalate to root via switch commands: “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. Connected PT-2022-5072 corroborates ...
CVE-2022-33179
CVE-2022-33179 affects Brocade Fabric OS CLI before versions v9.1.0, v9.0.1e, v8.2.3c, and v7.4.2j. The issue allows a local authenticated user to escape restricted shells using the command “set context” and perform privilege escalation. Affected product: Brocade Fabric OS CLI. Root cause: improp...
CVE-2022-33180
CVE-2022-33180 affects Brocade Fabric OS CLI before versions v9.1.0, v9.0.1e, v8.2.3c, and v8.2.0cbn5. A local authenticated attacker can export sensitive files using seccryptocfg and configupload. Impact: confidentiality compromise (HIGH). Mitigation: upgrade to the fixed versions (9.1.0, 9.0.1e...
CVE-2022-33180
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with “seccryptocfg”, “configupload”...
CVE-2022-33183
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands...
CVE-2022-33181
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”...