CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...
CVE-2022-33179
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges...
CVE-2022-39321
The CVE-2022-39321 vulnerability affects GitHub Actions Runner: a logic bug in how the environment is encoded into docker invocations allowed input to escape environment variables and modify docker commands. Affected versions prior to patch are 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. Pat...
CVE-2022-33183
CVE-2022-33183 describes a stack buffer overflow in the Brocade Fabric OS CLI. The vulnerability affects Brocade Fabric OS Command Line Interface prior to versions v9.1.0, v9.0.1e, v8.2.3c, v8.2.0cbn5, and v7.4.2.j, enabling a remote authenticated attacker to trigger a stack overflow via the firm...
PT-2022-6012
Name of the Vulnerable Software and Affected Versions: Azure CLI versions prior to 2.40.0. Description: The vulnerability is related to the Azure CLI's command-line interface for Microsoft Azure, which contains a potential code injection issue in versions prior to 2.40.0. This vulnerability can be...
CVE-2022-39327
Azure CLI (versions
CVE-2022-33181
CVE-2022-33181 affects Brocade Fabric OS CLI. The flaw in the CLI could allow a local authenticated attacker to read sensitive files via switch commands configshow and supportlink. Affected versions include Brocade Fabric OS before v9.1.0, and specific builds v9.0.1e, v8.2.3c, v8.2.0cbn5, and v7....
Cisco TelePresence CE Multiple Vulnerabilities (cisco-sa-roomos-trav-beFvCcyu)
According to its self-reported version, Cisco TelePresence Collaboration Endpoint Software is affected by multiple vulnerabilities: - A vulnerability in Cisco TelePresence CE could allow an authenticated, local attacker to view sensitive information on an affected device. This vulnerability exist...
CVE-2022-41780 F5OS CLI vulnerability CVE-2022-41780
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files...
D-Link DSL-2750B Command Injection Vulnerability
The D-Link DSL-2750B is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL-2750B prior to version 1.05. An attacker can exploit this vulnerability to perform remote unauthenticated command injection via the login.cgi-cli parameter...
CVE-2022-22248
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...
Memory corruption
An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Service Do...
CVE-2022-22248 Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...
CVE-2022-22240 Junos OS and Junos OS Evolved: An rpd memory leak might be observed while running a specific cli command in a RIB sharding scenario
An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Service Do...
CVE-2022-22234 Junos OS: EX2300 and EX3400 Series: One or more SFPs might become unavailable when the system is very busy
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for...
Wordpress ImageMagick-Engine 1.7.4 Plugin - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" Date: Thursday, September 1, 2022 Exploit Author: ABDO10 Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ Software Link...
GHSA-69CH-W2M2-3VJP vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, php-fpmexporter, vt-cli, k3d, gitleaks, terraform-provider-sendgrid, kubeflow, hey, grpcurl...