AZL-33572 CVE-2022-32149 affecting package cf-cli for versions less than 8.4.0-21

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVE-2022-32149 vulnerabilities

Vulnerabilities for packages: dynamic-localpv-provisioner, php-fpmexporter, vt-cli, k3d, gitleaks, terraform-provider-sendgrid, kubeflow, hey, grpcurl...

CVE-2021-44171

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged command...

Fortinet Fortigate Privilege escalation via switch-control CLI command (FG-IR-21-242)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-242 advisory. - A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiOS version 6.0....

CVE-2021-44171

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged command...

Protect

An improper neutralization of special elements used in an os command CWE-78 vulnerability in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands...

CVE-2021-44171

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged command...

Cisco SD-WAN Parameter Injection Vulnerability

Cisco SD-WAN is a highly secure cloud-scale architecture from Cisco that is open, programmable, and scalable. A parameter injection vulnerability exists in the CLI of Cisco SD-WAN Software, which stems from insufficient validation of inputs. Detailed vulnerability details are not available at thi...

Cloudfox - Automating Situational Awareness For Cloud Penetration Tests

CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following commo...

PT-2022-24127 · Aruba · Aruba Instant +1

Name of the Vulnerable Software and Affected Versions: Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below Aruba InstantOS versions 6.5.4.23 and below Aruba InstantOS versions 8.6.0.18 and below Aruba InstantOS versions 8.7.1.9 and below Aruba InstantOS versions 8.10.0.1 and below ArubaOS...

CVE-2022-40764

A flaw was found in the snyk package. Affected versions of this package are vulnerable to Command Injection via the snyk-go-plugin which is used by the Snyk CLI tool...

@adobe/git-server (>=0.9.18 <=1.0.5), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=6.1.0) +37 more potentially affected by CVE-2022-40764 via snyk-go-plugin (>=1.10.0 <=1.17.0)

snyk-go-plugin NPM version =1.10.0, =0.9.18, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.0.70, =0.5.8, =3.2.4, =0.0.2, =0.0.7, =0.2.0, =0.2.8 and more Source cves: CVE-2022-40764 Source advisory: OSV:GHSA-HPQJ-7CJ6-HFJ8...

Snyk CLI affected by Command Injection vulnerability

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

GHSA-HPQJ-7CJ6-HFJ8 Snyk CLI affected by Command Injection vulnerability

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

Command injection

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

CVE-2022-40764 affects Snyk CLI and related IDE plugins; before 1.996.0, it allowed arbitrary command execution, potentially via viewing untrusted files in VS Code. The original demonstration involved shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1 and...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...