8009 matches found
FortiExtender - Arbitrary command execution because of missing CLI input sanitization
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiExtender may allow an authenticated user to raise its privileges to admin user via crafted arguments of the execute CLI command...
CVE-2021-28962
Stormshield Network Security SNS before 4.2.2 allows a read-only administrator to gain privileges via CLI commands...
Command injection
Stormshield Network Security SNS before 4.2.2 allows a read-only administrator to gain privileges via CLI commands...
CVE-2021-28962
The CVE-2021-28962 entry applies to Stormshield Network Security (SNS) prior to version 4.2.2. A command-injection vulnerability exists that lets a read-only administrator gain elevated privileges by issuing crafted CLI input. Affected product/versions: SNS before 4.2.2. Impact: attackers with re...
PT-2022-9906 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions prior to 4.2.2 Description: The issue allows a read-only administrator to gain privileges via CLI commands. Recommendations: For versions prior to 4.2.2, update to version 4.2.2 or later to resolve th...
Fedora: Security Advisory for rust-askalono-cli (FEDORA-2022-c4071e3dc7)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Mininode - A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis
Mininode is a CLI tool to reduce the attack surface of Node.js applications by using static analysis of source code. It supports two modes of reduction: (1) coarse, (2) fine. Mininode constructs the dependency graph (modules and functions used) of the application starting from main file, i.e. entry...
SUSE SLES12 Security Update : containerd, docker (SUSE-SU-2022:0213-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0213-1 advisory. - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting ...
Mageia: Security Advisory (MGASA-2018-0222)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2016-0159)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 Local privilege escalation via pkexec You...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.54 extras and security update
Red Hat OpenShift Container Platform release 4.6.54 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of...
OSV-2022-90 Heap-double-free in cli_extract_xlm_macros_and_images
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44040 Crash type: Heap-double-free Crash state: cli_extract_xlm_macros_and_images cliole2scantempdir cliscanole2...
DELL EMC AppSync has an unspecified vulnerability
DELL EMC AppSync is a replication data management software from Dell USA Inc. The security vulnerability in DELL EMC AppSync stems from the fact that Dell EMC AppSync versions 3.9 through 4.3 contain an "over-authentication Improper Attempt Limitation" vulnerability, which can be exploited from t...
Invisible Chat Participant
onionshare-cli allows invisible chat participants. Any user (public or authenticated) is able to send chats without being visible in the chat list due to lack of secure validation of active users in a chat environment session...
Pwndora - Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home
Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open and collects more information about targets; each result is stored in Elasticsearch. You can integrate with Kibana to be able to visualize and manipulate dat...
CVE-2022-22553
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is...
Authentication flaw
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is...