
8014 matches found

OSV
added 2022/10/03 12:0 a.m. · 3 views

OSV-2022-1008 Heap-buffer-overflow in cli_js_parse_done

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52038 · Crash type: Heap-buffer-overflow READ 4 · Crash state: cli_js_parse_done cli_html_normalise html_normalise_map...

7.2 AI score
Exploits 0 · References 1
CNNVD
added 2022/10/03 12:0 a.m. · 4 views

Snyk CLI Operating System Command Injection Vulnerability

Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in projects. An operating system command injection vulnerability exists in versions of Snyk CLI prior to 1.996.0, which stems from allowing the execution of arbitrary commands and affects the Snyk IDE plugin...

7.8 CVSS · 7.5 AI score · 0.00529 EPSS
Exploits 1 · References 6
Positive Technologies
added 2022/10/03 12:0 a.m. · 4 views

PT-2022-25524 · Snyk +1 · Snyk-Go-Plugin +5

Name of the Vulnerable Software and Affected Versions: Snyk CLI versions prior to 1.996.0; snyk-go-plugin versions prior to 1.19.1; Snyk TeamCity plugin versions prior to 20220930.142957. Description: The issue allows for arbitrary command execution, affecting Snyk IDE plugins and the snyk npm...

7.8 CVSS · 7 AI score · 0.00529 EPSS
Exploits 1 · References 12
OSV
added 2022/09/30 7:15 p.m. · 2 views

CVE-2022-20930

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands...

6.7 CVSS · 5.9 AI score
Exploits 0 · References 1
NVD
added 2022/09/30 7:15 p.m. · 16 views

CVE-2022-20850

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit...

7.1 CVSS · 0.00195 EPSS
Exploits 0 · References 1
Prion
added 2022/09/30 7:15 p.m. · 20 views

Input validation

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit...

3.2 CVSS · 6.8 AI score · 0.00195 EPSS
Exploits 0 · References 1 · Affected Software 5
Prion
added 2022/09/30 7:15 p.m. · 16 views

Input validation

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands...

4 CVSS · 6.7 AI score · 0.00231 EPSS
Exploits 0 · References 1 · Affected Software 5
Vulnrichment
added 2022/09/30 6:46 p.m. · 28 views

CVE-2022-20930 Cisco SD-WAN Software Arbitrary File Corruption Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands...

6.7 CVSS · 7 AI score · 0.00231 EPSS
Exploits 0 · References 1
Cvelist
added 2022/09/30 6:46 p.m. · 27 views

CVE-2022-20855 Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the...

7.9 CVSS · 8.2 AI score · 0.0034 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/09/30 6:46 p.m. · 19 views

CVE-2022-20850 Cisco SD-WAN Arbitrary File Deletion Vulnerability

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit...

5.5 CVSS · 6.6 AI score · 0.00195 EPSS
Exploits 0 · References 1
Cvelist
added 2022/09/30 6:46 p.m. · 25 views

CVE-2022-20850 Cisco SD-WAN Arbitrary File Deletion Vulnerability

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit...

5.5 CVSS · 7 AI score · 0.00195 EPSS
Exploits 0 · References 1
CVE
added 2022/09/30 6:46 p.m. · 74 views

CVE-2022-20850

Cisco CVE-2022-20850 concerns the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software. The root cause is insufficient input validation, enabling an authenticated, local attacker to inject arbitrary file path information to delete arbitrary files from the device filesystem. I...

7.1 CVSS · 6 AI score · 0.00195 EPSS
Exploits 0 · References 1 · Affected Software 4
Vulnrichment
added 2022/09/30 6:45 p.m. · 14 views

CVE-2022-20818 Cisco SD-WAN Software Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a...

7.8 CVSS · 7.9 AI score · 0.00593 EPSS
Exploits 1 · References 1
CVE
added 2022/09/30 6:45 p.m. · 83 views

CVE-2022-20818

Cisco SD-WAN Software CLI contains privilege-escalation vulnerabilities due to improper access controls on commands. An authenticated, local attacker could run malicious CLI commands to execute arbitrary commands as root. The issue requires access to the Viptela shell (SSH or local access). A con...

7.8 CVSS · 8.2 AI score · 0.00593 EPSS
Exploits 1 · References 1 · Affected Software 3
CVE
added 2022/09/30 6:45 p.m. · 92 views

CVE-2022-20775

Cisco CVE-2022-20775 affects the Cisco Catalyst SD-WAN Controller/Manager CLI. It is a local, authenticated privilege-escalation in the CLI caused by improper access controls on commands, enabling an attacker to run commands as root. Cisco released updates addressing this, with no workarounds. Af...

7.8 CVSS · 7.9 AI score · 0.12475 EPSS
In wild · Exploits 2 · References 4 · Affected Software 4
Vulnrichment
added 2022/09/30 6:45 p.m. · 11 views

CVE-2022-20775 Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted...

7.8 CVSS · 8.2 AI score · 0.12475 EPSS
Exploits 2 · References 1
Imperva Blog
added 2022/09/29 3:30 p.m. · 21 views

How Scanning Your Projects for Security Issues Can Lead to Remote Code Execution

The Imperva Red Team recently discovered and disclosed CVE-2022-40764, a command injection vulnerability affecting Snyk CLI. Snyk is a security company best known for its dependency vulnerability management software. The disclosed command injection vulnerability affects the Snyk command-line...

0.00529 EPSS
Exploits 1
Snyk
added 2022/09/29 1:34 p.m. · 1 views

Command Injection

Overview: snyk is an advanced tool that scans and monitors projects for security vulnerabilities. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system...

7.8 CVSS · 7.8 AI score · 0.03007 EPSS
Exploits 2 · References 2
Tenable Nessus
added 2022/09/29 12:0 a.m. · 28 views

Cisco IOS XE Software SD WAN Arbitrary File Deletion (cisco-sa-arb-file-delete-VB2rVcQv)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affect...

7.1 CVSS · 7.1 AI score · 0.00195 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2022/09/29 12:0 a.m. · 32 views

Cisco SD-WAN Software Arbitrary File Corruption (cisco-sa-sdwan-privesc-cli-xkGwmqKu)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to...

6.7 CVSS · 6.8 AI score · 0.00231 EPSS
Exploits 0 · References 3