Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.4 packages and security update
Red Hat OpenShift Container Platform release 4.9.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...
GHSA-4365-FHM5-QCRX Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
Impact: An Archive Extraction Zip Slip vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a maliciously crafted archive file. Patches: The vulnerability is fixed ...
Cisco SD-WAN Security Bug Allows Root Code Execution
Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS XE operating system that could lead to arbitrary code execution. Cisco’s SD-WAN portfolio allows businesses of all sizes to connect disparate office locations via the cloud using various...
askbob (>=0.0.3 <=0.0.4), pre-assistant (>=0.23.5 <=0.23.16) +9 more potentially affected by CVE-2021-41127 via rasa (>=1.10.0 <=2.2.9)
rasa PYPI version =1.10.0, =0.0.3, =0.23.5, =1.0.2, =0.1.0, =1.0.3, =0.3.0, =0.1.0, =0.1.0, =1.0.0, =0.0.2, =0.0.4 Source cves: CVE-2021-41127 Source advisory: OSV:PYSEC-2021-381...
PYSEC-2021-381
Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...
CVE-2021-1529
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating t...
Input validation
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating t...
CVE-2021-1529
Cisco IOS XE SD-WAN Software contains a CLI input-validation flaw that can let an authenticated, local attacker run arbitrary root commands. Vectors involve submitting crafted CLI input after authentication. Impact is arbitrary OS command execution with root privileges. Cisco has released updates...
CVE-2021-1529 Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating t...
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating t...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.15 packages and security update
Red Hat OpenShift Container Platform release 4.8.15 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
CVE-2021-31358
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...
CVE-2021-31356
A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an...
Privilege escalation
An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritte...
Command injection
A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an...
CVE-2021-31360 Junos OS and Junos OS Evolved: Denial of Service vulnerability in local file processing
An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritte...
CVE-2021-31358 Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...
CVE-2021-31357
CVE-2021-31357 describes a command-injection vulnerability in Juniper Networks Junos OS Evolved specifically in the tcpdump command processing. The issue allows an attacker with authenticated CLI access to bypass CLI command restrictions and execute arbitrary shell commands within the current use...
CVE-2021-31357 Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...