8009 matches found
Cisco StarOS Command Injection (cisco-sa-staros-cmdinj-759mNT4n)
According to its self-reported version, the Cisco StarOS operating system is affected by a command injection vulnerability due to insufficient input validation of CLI commands. An authenticated, local attacker could exploit this by sending crafted commands to the CLI. A successful exploit could...
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
CVE-2022-22301
An improper neutralization of special elements used in an OS Command vulnerability (CWE-78) in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...
CVE-2022-22301
Summary (CVE-2022-22301): FortiAP-C consoles suffer from an OS command injection due to improper neutralization of special elements in CLI arguments. Affected versions range from 5.4.0 to 5.4.3 and 5.2.0 to 5.2.1. The issue can allow an authenticated attacker to execute arbitrary commands with C...
Remote Code Execution (RCE)
codeigniter4/framework is vulnerable to remote code execution. The vulnerability exists due to the improper input validation in the library, allowing an attacker to execute CLI routes via an HTTP request...
Cisco Ultra Cloud Core Security Vulnerability
Cisco Ultra Cloud Core is a Kubernetes-based solution from Cisco. It provides a common execution environment for Cisco's container-based 5G applications. A security vulnerability exists in Cisco Ultra Cloud Core that allows an authenticated, local attacker to exploit the vulnerability to escalate...
GHSA-XJP4-6W75-QRJ7 Remote CLI Command Execution Vulnerability in CodeIgniter4
Impact: This vulnerability allows attackers to execute CLI routes via HTTP request. Patches: Upgrade to v4.1.9 or later. Workarounds: None. For more information: If you have any questions or comments about this advisory: Open an issue in codeigniter4/CodeIgniter4; Email us at SECURITY.md...
FortiAP-C - Command injection in CLI
An improper neutralization of special elements used in an OS Command vulnerability (CWE-78) in FortiAP-C console may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...
CVE-2022-24711
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...
Input validation
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...
2app (>=1.0.0 <=1.2.8), 2fa-cli (>=1.0.0 <=1.0.4) +4339 more potentially affected by CVE-2022-22912 via plist (>=0.2.1 <=3.0.4)
plist NPM version =0.2.1, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =1.0.0, =0.0.1-beta.0, =0.0.1, =0.0.12, =0.1.1, =1.0.0, =0.20.0, =0.21.1 - @allroundexperts/rn-swiper =1.0.1 and more Source cves: CVE-2022-22912 Source advisory: OSV:GHSA-4CPG-3VGW-4877...
wasmtime-cli (=0.34.0) potentially affected by CVE-2022-23636 +1 more via wasmtime (=0.34.0)
wasmtime CARGO version =0.34.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - wasmtime-cli =0.34.0 Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:RUSTSEC-2022-0096...
wasmtime-cli (=0.34.0) potentially affected by CVE-2022-23636 +1 more via wasmtime (=0.34.0)
wasmtime CARGO version =0.34.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - wasmtime-cli =0.34.0 Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:GHSA-88XQ-W8CQ-XFG7...
CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...
Design/Logic Flaw
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...
CVE-2022-22945
CVE-2022-22945 affects VMware NSX Data Center for vSphere (NSX-V) in the NSX Edge appliance. A CLI shell injection exists that allows a user with SSH access to an NSX-Edge appliance to execute arbitrary commands as root on the underlying OS (local privilege escalation). Reported cause: improper i...
GHSA-G5V4-5X39-VWHX Zip slip directory exploit in github.com/deislabs/oras
Impact: The directory support (#55) allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting...