CVE-2022-0982
CVE-2022-0982 concerns the Accel-PPP server code: telnet_input_char copies user input cmdline_len into a fixed buffer b->buf without bounds checking, causing memory corruption. This vulnerability can be remotely triggered when a server connects to a malicious client, enabling...
dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +5 more potentially affected by CVE-2022-0430 via httpie (>=1.0.3 <=2.6.0)
httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2022-0430 Source advisory: OSV:PYSEC-2022-167...
ai.h2o:h2o-clustering (>=3.32.1.1 <=3.44.0.2), ai.h2o:h2o-k8s (>=3.30.0.2 <=3.44.0.2) +211 more potentially affected by CVE-2022-21230 via org.nanohttpd:nanohttpd (>=2.2.0 <=2.3.1)
org.nanohttpd:nanohttpd MAVEN version =2.2.0, =3.32.1.1, =3.30.0.2, =3.34.0.3, =1.0.0, =1.0.0, =1.0.0, =3.8, =1.0, =1.1, =0.2.22, =0.2.22, =0.4.15 and more Source cves: CVE-2022-21230 Source advisory: SNYK:JAVA-ORGNANOHTTPD-2422798...
@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)
workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: SNYK:JS-WORKSPACETOOLS-2421201...
Code injection in Stripe CLI on Windows
Impact A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux are unaffected. An attacker who successfully exploits the...
GHSA-4CX6-FJ7J-PJX9 Code injection in Stripe CLI on Windows
Impact A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux are unaffected. An attacker who successfully exploits the...
Arbitrary Code Execution
github.com/stripe/stripe-cli is vulnerable to Arbitrary Code Execution. An attacker can inject and execute malicious commands through the stripe login, stripe config -e, stripe community, and stripe open commands on Windows...
CVE-2022-24753
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...
Code injection
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...
CVE-2022-24753 Code injection in Stripe CLI on Windows
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...
CVE-2022-24753
CVE-2022-24753 describes a Windows-specific vulnerability in the Stripe CLI where if certain commands are run in a directory with attacker-planted files, an attacker could execute arbitrary code under the current user. Affected commands include stripe login, stripe config -e, stripe community, an...
PT-2022-16856 · Stripe · Stripe Cli
Name of the Vulnerable Software and Affected Versions: Stripe CLI versions prior to 1.7.13 Description: A vulnerability exists in Stripe CLI on Windows when certain commands are run in a directory where an attacker has planted files. The affected commands are stripe login, stripe config -e, strip...
Stripe CLI Operating System Command Injection Vulnerability
Stripe CLI is a command line tool for the Stripe e-commerce platform from Stripe Ireland. Stripe CLI suffers from an operating system command injection vulnerability that can be exploited by an attacker to run arbitrary code in the current user's environment...
Important: docker
Issue Overview: A file permissions vulnerability was found in Moby Docker Engine. Copying files by using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an...
dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +5 more potentially affected by CVE-2022-24737 via httpie (>=1.0.3 <=2.6.0)
httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2022-24737 Source advisory: OSV:GHSA-9W4W-CPC8-H2FQ...
dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +5 more potentially affected by CVE-2022-24737 via httpie (>=1.0.3 <=2.6.0)
httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2022-24737 Source advisory: OSV:PYSEC-2022-34...
OSV-2022-214 Heap-buffer-overflow in cli_bcomp_freemeta
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45194 Crash type: Heap-buffer-overflow READ 8 Crash state: cli_bcomp_freemeta cli_bcomp_addpatt readdb_parse_ldb_subsignature...
Fortinet FortiAP-C OS Command Injection Vulnerability
Fortinet FortiAP, a Fortinet controller for managing wireless access point devices, is vulnerable to an operating system command injection vulnerability that stems from the lack of valid escaping and filtering of special elements used in the FortiAP-C console, which could be exploited by an...