8011 matches found

Cvelist
added 2022/05/17 7:27 p.m., 10 views

CVE-2022-24390 Authenticated Command Injection Vulnerability in Fidelis Network and Deception

Vulnerability in rconfig “remotetextfile” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fideli...

CVSS 8.8, AI score 8.8, EPSS 0.0115
Exploits: 0, References: 1

Rockylinux
added 2022/05/17 7:56 a.m., 9 views

new packages: nvme-cli

An update is available for nvme-cli. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.0...

AI score 2
Exploits: 0

Rockylinux
added 2022/05/17 7:35 a.m., 14 views

new packages: stratis-cli

An update is available for stratis-cli. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score 2.2
Exploits: 0

Rockylinux
added 2022/05/17 6:26 a.m., 11 views

new packages: apache-commons-cli

An update is available for apache-commons-cli. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score 2.2
Exploits: 0

Github Security Blog
added 2022/05/17 4:45 a.m., 16 views

Transifex command-line client has improper certificate validation

Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073...

CVSS 4.3, AI score 6.7, EPSS 0.00828
Exploits: 0, References: 7, Affected Software: 1

Github Security Blog
added 2022/05/17 3:53 a.m., 21 views

Jenkins Denial of Service vulnerability

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake...

CVSS 5, AI score 7.9, EPSS 0.01788
Exploits: 0, References: 7, Affected Software: 1

Github Security Blog
added 2022/05/17 3:53 a.m., 4 views

Jenkins allows for Code Execution via Crafted Packet to the CLI

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel...

CVSS 7.5, AI score 7.6, EPSS 0.03652
Exploits: 0, References: 5, Affected Software: 1

Github Security Blog
added 2022/05/17 1:26 a.m., 25 views

Jenkins directory traversal vulnerability

Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...

CVSS 6.5, AI score 6.8, EPSS 0.02527
Exploits: 0, References: 6, Affected Software: 1

CNNVD
added 2022/05/17 12:0 a.m., 4 views

Fidelis Network Deception command injection vulnerability

Fidelis Network Deception is a security product from Fidelis USA. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from a faulty remotetextfile in rconfig, to detect threats and prevent data loss, detect malicious behavior, identify traffic...

CVSS 8.8, AI score 5.6, EPSS 0.0115
Exploits: 0, References: 2

OSV
added 2022/05/17 12:0 a.m., 33 views

CVE-2022-29162 Incorrect Default Permissions in runc

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

CVSS 5.9, AI score 6.8, EPSS 0.00386
Exploits: 0, References: 9

ATTACKERKB
added 2022/05/16 3:30 p.m., 4 views

CVE-2022-24388

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

CVSS 9, AI score 7.3, EPSS 0.01342
Exploits: 0, References: 2

OSV
added 2022/05/14 3:58 a.m., 0 views

GHSA-8P3C-M625-WH83 Jenkins has CRLF Injection Vulnerability in the CLI

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 6.1, AI score 6.9, EPSS 0.0179
Exploits: 0, References: 6

Github Security Blog
added 2022/05/14 3:47 a.m., 21 views

point-cli allows local users to obtain sensitive information by listing the process

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...

CVSS 7.8, AI score 6.9, EPSS 0.00546
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2022/05/14 3:47 a.m., 11 views

GHSA-MC8M-X6HF-CW2G point-cli allows local users to obtain sensitive information by listing the process

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...

CVSS 7.8, AI score 7.4, EPSS 0.00546
Exploits: 1, References: 5

OSV
added 2022/05/14 3:44 a.m., 6 views

GHSA-R57F-7XW3-Q2R9 Improper Authentication in Jenkins

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...

CVSS 8.8, AI score 5.9, EPSS 0.01238
Exploits: 1, References: 5

Fedora
added 2022/05/14 1:24 a.m., 65 views

[SECURITY] Fedora 34 Update: podman-3.4.7-1.fc34

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS 8.8, AI score 10, EPSS 0.05994
Exploits: 2

OSV
added 2022/05/14 12:55 a.m., 2 views

GHSA-CPW3-X7GF-P872 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to...

CVSS 5.3, AI score 5.9, EPSS 0.01403
Exploits: 0, References: 4

OSV
added 2022/05/13 1:36 a.m., 24 views

GHSA-77H8-XR85-3X5Q hammer_cli_foreman Improper Certificate Validation vulnerability

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verifyssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...

CVSS 8.1, AI score 7.8, EPSS 0.00726
Exploits: 0, References: 8

Github Security Blog
added 2022/05/13 1:36 a.m., 29 views

hammer_cli_foreman Improper Certificate Validation vulnerability

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verifyssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...

CVSS 8.1, AI score 7.7, EPSS 0.00726
Exploits: 0, References: 8, Affected Software: 1

vulnersOsv
added 2022/05/13 1:30 a.m., 2 views

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +14 more potentially affected by CVE-2015-8103 via org.jenkins-ci.main:cli (>=1.626 <=1.637)

org.jenkins-ci.main:cli MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0.18 and more Source cves: CVE-2015-8103 Source advisory: OSV:GHSA-WFW7-6632-XCV2...

CVSS 9.8, AI score 7.2, EPSS 0.86829
Exploits: 12