8009 matches found

PyPA
added 2021/12/16 7:15 p.m. | 4 views

PYSEC-2021-853

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

9.1 CVSS | 7.5 AI score | 0.05004 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2021/12/16 7:15 p.m. | 24 views

PYSEC-2021-853

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

9.1 CVSS | 1.6 AI score | 0.05004 EPSS
Exploits 1 | References 3

Cvelist
added 2021/12/16 6:55 p.m. | 17 views

CVE-2021-43837 Template injection in vault-cli

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

8.4 CVSS | 9.6 AI score | 0.05004 EPSS
Exploits 1 | References 3

CVE
added 2021/12/16 6:55 p.m. | 100 views

CVE-2021-43837

vault-cli (the HashiCorp Vault CLI and Python library) is vulnerable prior to version 3.0.0 due to rendering templated secrets with a Jinja2 template after the prefix !template!. An attacker controlling such a template could trigger arbitrary code execution. In 3.0.0 this templating code was remo...

9.1 CVSS | 9.1 AI score | 0.05004 EPSS
Exploits 1 | References 3 | Affected Software 1

vulnersOsv
added 2021/12/16 2:34 p.m. | 3 views

@bitacode/apispecmd-ts (>=0.0.1 <=0.1.2), @layer0/node-license-report (>=0.0.0 <=0.0.3) +13 more potentially affected by CVE-2021-23639 via md-to-pdf (>=2.8.2 <=4.1.0)

md-to-pdf NPM version =2.8.2, =0.0.1, =0.0.0, =0.0.2, =0.0.2, =0.7.2, =1.0.1, =0.2.0, =0.1.0, =1.1.0, =0.2.0, =1.5.0, =1.10.0, =1.0.0, =0.0.2, =0.0.10 Source cves: CVE-2021-23639 Source advisory: OSV:GHSA-X949-7CM6-FM6P...

9.8 CVSS | 7.2 AI score | 0.05329 EPSS
Exploits 2

CNNVD
added 2021/12/16 12:0 a.m. | 2 views

vault-cli code injection vulnerability

vault-cli is a Python 3.6 tool that provides simple interactions to manipulate secrets from Hashicorp Vault. vault-cli is vulnerable to an injection vulnerability in versions prior to 3.0.0, which stems from the failure of a network system or product to properly filter special elements in code...

9.1 CVSS | 5.9 AI score | 0.05004 EPSS
Exploits 1 | References 3

Veracode
added 2021/12/13 4:43 a.m. | 15 views

Privilege Escalation

github.com/opensearch-project/opensearch-cli is vulnerable to Privilege Escalation. The vulnerability exists due to the weak file path permission in the configuration file, allowing an attacker to read or write any file on the file path...

9.8 CVSS | 9.4 AI score | 0.01559 EPSS
Exploits 1 | References 3 | Affected Software 1

NVD
added 2021/12/12 6:15 a.m. | 18 views

CVE-2021-44833

The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file...

9.8 CVSS | 0.01559 EPSS
Exploits 1 | References 2

GithubExploit
added 2021/12/12 2:57 a.m. | 403 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Python Log4RCE An all-in-one pure Python3 PoC for CVE-2021-4...

10 CVSS | 9.1 AI score | 0.99999 EPSS
Exploits 346

Palo Alto Networks
added 2021/12/10 9:45 p.m. | 197 views

Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832

Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to inject text into log messages ...

10 CVSS | 1.2 AI score | 0.99999 EPSS
Exploits 352 | References 2

vulnersOsv
added 2021/12/09 7:27 p.m. | 2 views

@love-open-source/ember-slider (>=0.0.2 <=1.1.10), broccoli-compass-compiler (>=0.0.1 <=0.0.6) +1 more potentially affected by CVE-2020-7635 via compass-compile (=0.0.1)

compass-compile NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on compass-compile and may be impacted: - @love-open-source/ember-slider =0.0.2, =0.0.1, =0.1.0, =0.5.0 Source cves: CVE-2020-7635 Source advisory: OSV:GHSA-7Q9F-X6RM-QMXR...

9.8 CVSS | 7.2 AI score | 0.04358 EPSS
Exploits 1

OSV
added 2021/12/09 10:15 a.m. | 4 views

CVE-2021-42759

A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands...

6.7 CVSS | 6.8 AI score | 0.00264 EPSS
Exploits 0 | References 1

NVD
added 2021/12/09 10:15 a.m. | 15 views

CVE-2021-42759

A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands...

7.2 CVSS | 0.00264 EPSS
Exploits 0 | References 1

Prion
added 2021/12/09 10:15 a.m. | 15 views

Design/Logic Flaw

A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands...

7.2 CVSS | 6.8 AI score | 0.00264 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2021/12/09 12:0 a.m. | 24 views

GHSA-R562-M862-63W3 APM Java Agent Local Privilege Escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...

7.8 CVSS | 7.8 AI score | 0.00208 EPSS
Exploits 0 | References 3

CNVD
added 2021/12/09 12:0 a.m. | 18 views

Fortinet FortiOS Access Control Error Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. An access control error...

7.8 CVSS | 7.4 AI score | 0.00247 EPSS
Exploits 0 | References 1

CNNVD
added 2021/12/09 12:0 a.m. | 4 views

Fortinet Meru AP operating system command injection vulnerability

Fortinet Meru AP is a wireless access point from Fortinet, Inc. Fortinet Meru AP is vulnerable to code injection in versions 8.6.1 and 8.5.5 and below. The vulnerability stems from a failure of the network system or product to properly filter special elements in code segments constructed from...

7.2 CVSS | 5.9 AI score | 0.00264 EPSS
Exploits 0 | References 1

OSV
added 2021/12/08 10:15 p.m. | 1 views

CVE-2021-37941

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...

7.8 CVSS | 5.8 AI score | 0.00208 EPSS
Exploits 0 | References 1

NVD
added 2021/12/08 10:15 p.m. | 38 views

CVE-2021-37941

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...

7.8 CVSS | 0.00208 EPSS
Exploits 0 | References 1

Prion
added 2021/12/08 10:15 p.m. | 23 views

Privilege escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...

4.4 CVSS | 7.8 AI score | 0.00208 EPSS
Exploits 0 | References 1 | Affected Software 1