
8011 matches found

OpenVAS
added 2022/05/31 12:0 a.m., 26 views

Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2022-91b747a0d7)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.8, AI score: 7.9, EPSS: 0.00386
Exploits: 0, References: 2

OpenVAS
added 2022/05/31 12:0 a.m., 25 views

Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2022-e980dc71b1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.8, AI score: 7.9, EPSS: 0.00386
Exploits: 0, References: 2

Fedora
added 2022/05/30 5:57 a.m., 46 views

[SECURITY] Fedora 34 Update: golang-github-opencontainers-runc-1.1.2-1.fc34

Runc is a CLI tool for spawning and running containers according to the OCI specification...

CVSS: 7.8, AI score: 7, EPSS: 0.00386
Exploits: 0

Fedora
added 2022/05/30 5:34 a.m., 30 views

[SECURITY] Fedora 35 Update: golang-github-opencontainers-runc-1.1.2-1.fc35

Runc is a CLI tool for spawning and running containers according to the OCI specification...

CVSS: 7.8, AI score: 7, EPSS: 0.00386
Exploits: 0

Tenable Nessus
added 2022/05/30 12:0 a.m., 22 views

Fortinet FortiOS Access Control (FG-IR-21-147)

An improper access control vulnerability in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands. Note that Nessus has...

CVSS: 6.3, AI score: 5.7, EPSS: 0.00528
Exploits: 0, References: 2

RedHat Linux
added 2022/05/26 5:25 p.m., 39 views

Low: Red Hat Security Advisory: RHV RHEL Host (ovirt-host) [ovirt-4.5.0] security update

Updated host packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 4.7, AI score: 5.8, EPSS: 0.00186
Exploits: 0, References: 19

vulnersOsv
added 2022/05/24 10:21 p.m., 3 views

@chainsafe/lodestar-cli (>=0.12.0 <=0.28.2-dev.18) potentially affected by CVE-2022-29219 via @chainsafe/lodestar (>=0.12.0 <=0.28.2-dev.18)

@chainsafe/lodestar NPM version =0.12.0, =0.12.0, =0.28.2-dev.18 Source cves: CVE-2022-29219 Source advisory: OSV:GHSA-CVJ7-5F3C-9VG9...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01228
Exploits: 0

OSV
added 2022/05/24 10:16 p.m., 1 views

GHSA-75C9-JRH4-79MC Code injection in `saved_model_cli` in TensorFlow

Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection: savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./ --tagset serve --signaturedef servingdefault This can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...

CVSS: 7.8, AI score: 7, EPSS: 0.00536
Exploits: 1, References: 10

vulnersOsv
added 2022/05/24 10:15 p.m., 10 views

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-29211 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-29211 Source advisory: OSV:GHSA-XRP2-FHQ4-4Q3W...

CVSS: 5.5, AI score: 6, EPSS: 0.00313
Exploits: 1

vulnersOsv
added 2022/05/24 10:1 p.m., 3 views

at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8), at.porscheinformatik.zanata:stub-server (>=4.7.0 <=4.7.8) +516 more potentially affected by CVE-2020-1695 via org.jboss.resteasy:resteasy-client (>=3.0.0.Final <=3.11.5.Final)

org.jboss.resteasy:resteasy-client MAVEN version =3.0.0.Final, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1.1.9, =1.0.0.Final, =1.0.3.Final and more Source cves: CVE-2020-1695 Source advisory: OSV:GHSA-63CQ-PPQ8-CW6G...

CVSS: 7.5, AI score: 7, EPSS: 0.02023
Exploits: 0

Kitploit
added 2022/05/24 8:0 p.m., 21 views

Reposaur - The Open Source Compliance Tool For Development Platforms

Reposaur is the open source compliance tool for development platforms. Audit, verify and report on your data and configurations easily with pre-defined and/or custom policies. Supports GitHub. GitLab, BitBucket and Gitea support soon. Getting Started Have you ever felt like you don't know what's...

AI score: 7.3
Exploits: 0, References: 13

OSV
added 2022/05/24 7:17 p.m., 6 views

GHSA-X23Q-4J9J-9CXW Ops CLI Deserialization of Untrusted Data vulnerability

Ops CLI version 2.0.4 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkoutrepo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine...

CVSS: 9.8, AI score: 9.6, EPSS: 0.09219
Exploits: 0, References: 4

Github Security Blog
added 2022/05/24 7:17 p.m., 18 views

Ops CLI Deserialization of Untrusted Data vulnerability

Ops CLI version 2.0.4 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkoutrepo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine...

CVSS: 10, AI score: 7.7, EPSS: 0.09219
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2022/05/24 5:23 p.m., 23 views

GHSA-GM5X-HPMW-XPXG Silverstripe CMS information disclosure

In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to...

CVSS: 7.5, AI score: 7.3, EPSS: 0.018
Exploits: 0, References: 6

OSV
added 2022/05/24 5:2 p.m., 7 views

GHSA-3MRP-QHCJ-MWV5 Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6cpc-mj5c-m9rq. This link is maintained to preserve external references. Original Description An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable temporary file names in lockfile and logfile, whi...

CVSS: 3.5, AI score: 3.6, EPSS: 0.00992
Exploits: 1, References: 5

Github Security Blog
added 2022/05/24 5:2 p.m., 32 views

Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6cpc-mj5c-m9rq. This link is maintained to preserve external references. Original Description An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable temporary file names in lockfile and logfile, whi...

AI score: 3.8
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2022/05/24 6:15 a.m., 24 views

CVE-2022-26532

An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series...

CVSS: 7.8, EPSS: 0.04789
Exploits: 1, References: 3

Prion
added 2022/05/24 6:15 a.m., 27 views

Input validation

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG...

CVSS: 4.6, AI score: 7.6, EPSS: 0.05805
Exploits: 4, References: 4, Affected Software: 65

Prion
added 2022/05/24 6:15 a.m., 25 views

Design/Logic Flaw

An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series...

CVSS: 7.2, AI score: 7.8, EPSS: 0.04789
Exploits: 1, References: 3, Affected Software: 65

CVE
added 2022/05/24 5:20 a.m., 154 views

CVE-2022-26532

CVE-2022-26532 is a local command-injection vulnerability in Zyxel devices’ packet-trace CLI, affecting USG/ZyWALL family firmwares 4.09–4.71, USG FLEX 4.50–5.21, ATP 4.32–5.21, VPN 4.30–5.21, NSG 1.00–1.33 Patch 4, NXC2500 6.10 AAIG.3 and earlier, NAP203 6.25 ABFA.7 and earlier, NWA50AX 6.25 ABY...

CVSS: 7.8, AI score: 8, EPSS: 0.04789
Exploits: 1, References: 3, Affected Software: 1