Design/Logic Flaw
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and t...
CVE-2021-32600
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and t...
CVE-2021-32600
CVE-2021-32600 relates to Fortinet FortiOS CLI exposing sensitive VDOM information to a local, authenticated user. Connected sources (FG-IR-20-243) describe that a user assigned to a specific VDOM can retrieve information from other VDOMs, including the admin account list and the network interfac...
CVE-2021-41092
A confidential data leak vulnerability was found in Docker CLI. The execution of docker login to a private registry may send provided credentials in a misconfigured docker credentials store to the registry-1.docker.io rather than the specified private registry. This flaw allows an attacker to ste...
ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...
[SECURITY] Fedora 35 Update: python-botocore-1.22.7-1.fc35
A low-level interface to a growing number of Amazon Web Services. The botocore package is the foundation for the AWS CLI as well as boto3...
CVE-2021-3061
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9....
Command injection
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9....
CVE-2021-3061
CVE-2021-3061 describes an OS command injection vulnerability in PAN-OS CLI. An authenticated administrator with CLI access can run arbitrary OS commands to escalate privileges. Affected: PAN-OS 8.1, 9.0, 9.1, 10.0, and 10.1 releases earlier than listed builds (e.g., 8.1.x before 8.1.20-h1; 9.0.x...
PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. Workaround: This issue requires the attacker to have authenticated access to th...
GHSA-3RCW-9P9X-582V Code injection in `saved_model_cli`
Impact: TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings:

```python
def preprocess_input_exprs_arg_string(input_exprs_str):
  ...
  for input_raw in filter(bool, input_exprs_str.split(';')):
    ...
    input_key, expr = input_raw.split('=', 1)
    input_dict[input_key] = eval(expr)
  ...
```
nvme-cli bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
nvme-cli bug fix and enhancement update
An update is available for nvme-cli. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterpris...
stratis-cli bug fix and enhancement update
An update is available for stratis-cli, stratisd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...
ALBA-2021:4217 stratis-cli bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
stratis-cli bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Google TensorFlow OS command injection vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An operating system command injection vulnerability exists in Google TensorFlow, which stems from the fact that the `saved_model_cli` tool is vulnerable to code injection because it calls `eval` on a...
Ubuntu 18.04 LTS / 20.04 LTS : Docker vulnerability (USN-5134-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5134-1 advisory. An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied...
@graphql-mesh/cli (>=0.12.0 <=0.19.2), @graphql-mesh/container (>=0.0.4 <=0.0.6) potentially affected by CVE-2021-41248 +1 more via graphql-playground-react (=1.7.27)
graphql-playground-react NPM version =1.7.27 is affected by a known vulnerability. The following packages have a transitive dependency on graphql-playground-react and may be impacted: - @graphql-mesh/cli >=0.12.0 <=0.19.2, @graphql-mesh/container >=0.0.4 <=0.0.6 Source CVEs: CVE-2021-41248, CVE-2021-41249 Source advisory:...
PYSEC-2021-637
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given...