CVE-2022-20907 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
CVE-2022-20907
CVE-2022-20907 : In Cisco Nexus Dashboard, there are privilege-escalation vulnerabilities caused by insufficient input validation during CLI command execution. An authenticated local attacker could log in as the rescue-user and run a malicious payload to elevate privileges to root on the device. ...
CVE-2022-20908 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
Fedora: Security Advisory for osbuild-composer (FEDORA-2022-3e1ade35db)
The remote host is missing an update for the...
deterministic-wasi-ctx (=0.1.3), enarx (>=0.5.0 <=0.5.1) +8 more potentially affected by CVE-2022-31146 via wasmtime (=0.37.0)
wasmtime CARGO version =0.37.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - deterministic-wasi-ctx =0.1.3 - enarx =0.5.0, =0.5.1 - enarx-exec-wasmtime =0.5.1 - wasi-tokio =0.37.0 - wasmtime-cli-flags =0.37.0 -...
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
Memory corruption
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered ...
[SECURITY] Fedora 35 Update: osbuild-composer-56-2.fc35
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients...
[SECURITY] Fedora 35 Update: pack-0.27.0-2.fc35
pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...
CVE-2022-30301
A path traversal vulnerability (CWE-22) in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...
Path traversal
A path traversal vulnerability (CWE-22) in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...
Command injection
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to...
CVE-2022-30526
CVE-2022-30526 affects Zyxel USG FLEX/USGZyWALL firewalls (e.g., USG FLEX 100(W), 200, 500, 700; USG FLEX 50(W); USG20(W)-VPN; ATP; VPN series; USG/ZyWALL). The issue is a local privilege escalation via the CLI caused by a SUID binary that allows a low-privileged user to copy files as root and ov...
CVE-2022-30526
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100W firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50W...
Zyxel USG FLEX Security Vulnerability
Zyxel USG FLEX is a firewall from China-based Hopkins Technology Zyxel. Offering flexible VPN options (IPsec, SSL or L2TP), it provides flexible and secure remote access for remote work and management. A security vulnerability exists in Zyxel products that stems from a privilege escalation...
Design/Logic Flaw
An empty password in configuration file vulnerability (CWE-258) in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...
CVE-2022-30301
CVE-2022-30301 describes a local path traversal vulnerability in FortiAP-U CLI. Affected: FortiAP-U CLI versions 6.2.0–6.2.3, 6.0.0–6.0.4, 5.4.0–5.4.6. Root cause: input/CLI processing allows deletion and unauthorized access to files and data via crafted CLI commands; impact targets confidentiali...