8009 matches found
CVE-2022-22553
Dell EMC AppSync versions 3.9–4.3 are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability. An adjacent unauthenticated attacker could brute-force passwords via UI/CLI, potentially leading to account takeover if weak passwords are used. No remediation or fixed ve...
CVE-2022-22553
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is...
OSV-2022-70 Heap-buffer-overflow in cli_sigopts_handler
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43843 Crash type: Heap-buffer-overflow READ 1. Crash state: cli_sigopts_handler, load_oneldb, cli_loadldb...
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company’s StarOS debug services. Cisco pushed out a fix for its Cisco StarOS Software on Wednesday, Jan. 19. In its advisory, the company said that the fl...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Cisco IOS XE SD-WAN Software Multiple Products CLI Command Injection (cisco-sa-cli-cmdinj-4MttWZPB)
According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by multiple vulnerabilities. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
ConfD CLI Command Injection Vulnerability
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...
memory contents disclosure in cli_feat_read_cb
...
CVE-2022-22162
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potentially leading to a full compromise...
Information disclosure
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potentially leading to a full compromise...
CVE-2022-22156
CVE-2022-22156 affects Juniper Networks Junos OS. The issue is an improper certificate validation when fetching system scripts via HTTPS, enabling potential Man-in-the-Middle attacks that could compromise integrity and confidentiality. Affected products include Junos OS across multiple released v...
Fortinet FortiOS Privilege Escalation (FG-IR-20-131)
The remote host is running a version of FortiOS prior to or equal to 6.0.12, 6.2.x prior to or equal to 6.2.9, 6.4.x prior to or equal to 6.4.6, 7.0.0 or FortiOS-6K7K version prior to or equal to 6.2.6, 6.4.2. It is, therefore, affected by a privilege escalation vulnerability in FortiOS autod daemon, which m...
@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)
realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...
Juniper Junos OS Vulnerability (JSA11270)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11270 advisory. - A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low...
CVE-2021-46060
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
@across-ui/example (>=0.0.1-alpha.4 <=0.0.4-alpha.5), @agreejs/api (>=0.0.1 <=3.2.14) +752 more potentially affected by CVE-2020-28500 via lodash-es (>=4.0.0 <=4.17.20)
lodash-es NPM version =4.0.0, =0.0.1-alpha.4, =0.0.1, =0.0.2, =3.2.1, =3.2.1, =3.2.1, =0.0.1, =3.2.1, =3.2.1, =0.1.0, =0.3.14, =0.4.63, =0.4.64 and more Source cves: CVE-2020-28500 Source advisory: OSV:GHSA-29MW-WPGM-HMR9...
AZL-33571 CVE-2021-44716 affecting package cf-cli for versions less than 8.4.0-16
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
AZL-33616 CVE-2021-44716 affecting package moby-cli for versions less than 20.10.27-5
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
How to use vhd-util to Scan for Orphaned or Bad VHD Files
This article details how to use vhd-util to scan for Orphaned/Bad VHD Files. Requirements: CLI connection to XenServer host, preferably through an SSH client; basic CLI command usage (grep, less, tail); LVM, EXT, or NFS storage type...