Lucene search

8009 matches found

Veracode
added 2022/02/14 7:40 a.m. | 10 views

Arbitrary Code Execution

github.com/cli/cli is vulnerable to arbitrary code execution. An attacker can inject and execute malicious .\git.exe or .\git.bat files through the %PATH% variable on Windows when gh runs in the current working directory...

AI score: 5.3 | Exploits: 0
VMware
added 2022/02/13 12:0 a.m. | 70 views

VMSA-2022-0005:VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability

Advisory ID: VMSA-2022-0005.2 | CVSSv3 Range: 8.8 | Issue Date: 2022-02-15 | Updated On: 2022-04-07 | CVEs: CVE-2022-22945 | Synopsis: VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability (CVE-2022-22945)...

CVSS: 7.8 | AI score: 8 | EPSS: 0.00349
Exploits: 0 | References: 18 | Affected Software: 2
Kitploit
added 2022/02/12 11:30 a.m. | 29 views

Cloudsploit - Cloud Security Posture Management (CSPM)

Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ npm install $ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ docker build . -t cloudsploit:0.0.1 $ docker run cloudsploit:0.0.1 -h $ docker run -...

AI score: 7
Exploits: 0 | References: 42
Github Security Blog
added 2022/02/11 11:41 p.m. | 23 views

GitHub CLI can execute a git binary from the current directory

Impact GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...

AI score: 2.5
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/02/11 11:41 p.m. | 8 views

GHSA-FQFH-778M-2V32 GitHub CLI can execute a git binary from the current directory

Impact GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...

AI score: 7.1
Exploits: 0 | References: 1
Kitploit
added 2022/02/11 11:30 a.m. | 22 views

TerraGoat - Vulnerable Terraform Infrastructure

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. Introduction TerraGoat was built to enable DevSecOps design and implement a...

AI score: 7.2
Exploits: 0 | References: 6
vulnersOsv
added 2022/02/10 8:21 p.m. | 1 view

@ckeditor/ckeditor5-dev-lint (>=1.0.0 <=2.0.3), @code_monk/hak-cli (>=1.0.6 <=1.0.9) +364 more potentially affected by CVE-2020-7751 via pathval (>=0.0.1 <=1.1.0)

pathval NPM version =0.0.1, =1.0.0, =1.0.6, =1.0.4, =2.0.3, =1.0.8, =1.0.3, =1.0.7, =2.0.3, =3.1.2, =1.0.3, =0.0.1, =0.1.0, =0.2.0 - @nwetzel/modern-web-dev-build =0.6.0 and more Source cves: CVE-2020-7751 Source advisory: OSV:GHSA-G6WW-V8XP-VMWG...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.01498
Exploits: 1
Cvelist
added 2022/02/10 5:6 p.m. | 19 views

CVE-2022-20630 Cisco DNA Center Information Disclosure Vulnerability

A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploi...

CVSS: 4.4 | AI score: 4.8 | EPSS: 0.00223
Exploits: 0 | References: 1
Vulnrichment
added 2022/02/10 5:6 p.m. | 9 views

CVE-2022-20630 Cisco DNA Center Information Disclosure Vulnerability

A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploi...

CVSS: 4.4 | AI score: 6.2 | EPSS: 0.00223
Exploits: 0 | References: 1
Fedora
added 2022/02/08 1:8 a.m. | 29 views

[SECURITY] Fedora 34 Update: podman-3.4.4-1.fc34

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01057
Exploits: 1
CNVD
added 2022/02/08 12:0 a.m. | 18 views

Fortinet FortiExtender Command Injection Vulnerability

Fortinet FortiExtender is a wireless WAN extender appliance from Fortinet, Inc. A command injection vulnerability exists in Fortinet FortiExtender, which can be exploited by an authenticated attacker to execute privileged shell commands via CLI commands...

CVSS: 9 | AI score: 4.7 | EPSS: 0.01055
Exploits: 0 | References: 1
vulnersOsv
added 2022/02/06 12:0 a.m. | 2 views

@abc.xyz/drop-down-treeview (>=0.0.15 <=0.0.16), @abcpros/bitcore-build (>=8.25.29 <=8.25.30) +1334 more potentially affected by CVE-2022-0437 via karma (>=0.10.2 <=6.3.13)

karma NPM version =0.10.2, =0.0.15, =8.25.29, =1.0.0, =0.1.1, =0.1.14, =1.0.2, =1.0.0, =1.2.0, =0.2.0-preview.3, =5.0.0, =0.23.0, =2.3.0, =2.11.0 and more Source cves: CVE-2022-0437 Source advisory: OSV:GHSA-7X7C-QM48-PQ9C...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.15174
Exploits: 1
Tenable Nessus
added 2022/02/05 12:0 a.m. | 76 views

SUSE SLES15 Security Update : containerd, docker (SUSE-SU-2022:0334-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0334-1 advisory. - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting ...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.02693
Exploits: 3 | References: 16
IBM Security Bulletins
added 2022/02/04 5:41 p.m. | 21 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2021-25735)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could allow node updates to bypass a validating admission webhook CVE-2021-25735 Vulnerability Details CVEID: CVE-2021-25735 Description: Kubernetes kube-apiserver could allow a remote...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.05226
Exploits: 1 | Affected Software: 1
OpenVAS
added 2022/02/04 12:0 a.m. | 21 views

Fedora: Security Advisory for rust-askalono-cli (FEDORA-2022-7ec8bda833)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.3 | AI score: 7.1 | EPSS: 0.01376
Exploits: 1 | References: 2
RedHat Linux
added 2022/02/03 4:10 p.m. | 60 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.20.0

Release of OpenShift Serverless Client kn 1.20.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.10299
Exploits: 2 | References: 9
RedHat Linux
added 2022/02/03 3:13 p.m. | 84 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.68 security and enhancement update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes, security patches and new feature enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...

CVSS: 9 | AI score: 7 | EPSS: 0.99977
Exploits: 40 | References: 2
Cisco
added 2022/02/02 4:0 p.m. | 25 views

Cisco DNA Center Information Disclosure Vulnerability

A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploi...

CVSS: 4.4 | AI score: 4.4 | EPSS: 0.00223
Exploits: 0 | References: 1
NVD
added 2022/02/02 11:15 a.m. | 51 views

CVE-2021-41016

An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...

CVSS: 9 | EPSS: 0.01055
Exploits: 0 | References: 1
Prion
added 2022/02/02 11:15 a.m. | 14 views

Command injection

An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...

CVSS: 9 | AI score: 8.7 | EPSS: 0.01055
Exploits: 0 | References: 1 | Affected Software: 1