8007 matches found

Positive Technologies
added 2021/10/19 12:0 a.m. · 3 views

PT-2021-19256 · Juniper Networks · Junos Evolved

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 20.4R3-S1-EVO; Juniper Networks Junos OS Evolved versions 21.1-EVO and 21.2-EVO. Description: A command injection issue in command processing allows an attacker with authenticated CLI access t...

7.8 CVSS · 8.1 AI score · 0.0087 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2021/10/19 12:0 a.m. · 24 views

Cisco IOS XE Software TrustSec CLI Parser DoS (cisco-sa-trustsec-dos-7fuXDR2)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the TrustSec CLI parser that allows an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. ...

7.7 CVSS · 7.3 AI score · 0.01149 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2021/10/19 12:0 a.m. · 42 views

Cisco IOS Software TrustSec CLI Parser DoS (cisco-sa-trustsec-dos-7fuXDR2)

According to its self-reported version, Cisco IOS is affected by a vulnerability in the TrustSec CLI parser that allows an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker...

7.7 CVSS · 7.4 AI score · 0.01149 EPSS
Exploits 0 · References 4

RedHat Linux
added 2021/10/18 5:45 p.m. · 63 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.0 packages and security update

Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

7.5 CVSS · 6.7 AI score · 0.7848 EPSS
Exploits 4 · References 5

RedHat Linux
added 2021/10/18 5:26 p.m. · 65 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

8.6 CVSS · 6.7 AI score · 0.07492 EPSS
Exploits 7 · References 1167

NVD
added 2021/10/15 3:15 p.m. · 17 views

CVE-2021-40720

Ops CLI version 2.0.4 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkoutrepo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine...

10 CVSS · 0.09219 EPSS
Exploits 0 · References 1

OSV
added 2021/10/15 3:15 p.m. · 15 views

CVE-2021-40720

Ops CLI version 2.0.4 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkoutrepo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine...

9.8 CVSS · 9.6 AI score
Exploits 0 · References 1

Prion
added 2021/10/15 3:15 p.m. · 13 views

Deserialization of untrusted data

Ops CLI version 2.0.4 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkoutrepo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine...

10 CVSS · 9.6 AI score · 0.09219 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2021/10/15 3:15 p.m. · 15 views

PYSEC-2021-380

Ops CLI version 2.0.4 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkoutrepo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine...

10 CVSS · 7 AI score · 0.09219 EPSS
Exploits 0 · References 2

Cvelist
added 2021/10/15 2:22 p.m. · 18 views

CVE-2021-40720 Ops CLI Deserialization of Untrusted Data leads to Arbitrary Code Execution

Ops CLI version 2.0.4 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkoutrepo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine...

9.8 CVSS · 9.8 AI score · 0.09219 EPSS
Exploits 0 · References 1

CVE
added 2021/10/15 2:22 p.m. · 51 views

CVE-2021-40720

Ops CLI (version 2.0.4 and earlier) is affected by a Deserialization of Untrusted Data vulnerability in the checkout_repo function that allows arbitrary code execution when processing a malicious file. This is documented across multiple sources (e.g., Veracode and OSV/GHSA entries) as a vulnerabi...

10 CVSS · 9.6 AI score · 0.09219 EPSS
Exploits 0 · References 1 · Affected Software 1

Microsoft CVE
added 2021/10/14 7:0 a.m. · 5 views

Integer overflow that can lead to heap overflow in redis-cli redis-sentinel on some platforms

...

9 CVSS · 7 AI score · 0.02497 EPSS
Exploits 0

CNNVD
added 2021/10/14 12:0 a.m. · 3 views

Adobe Ops-cli Code Issue Vulnerability

Adobe Ops-cli is a Cli wrapper for Terraform, Ansible, Helmfile, and Ssh for cloud automation from Adobe USA. A code issue vulnerability exists in Adobe ops-cli that stems from the product not doing valid validation of input data during deserialization. The vulnerability can be exploited to execu...

10 CVSS · 8.8 AI score · 0.09219 EPSS
Exploits 0 · References 3

Palo Alto Networks
added 2021/10/13 4:0 p.m. · 71 views

PAN-OS: Impact of the Raccoon Attack Vulnerability CVE-2020-1968

In versions of Palo Alto Networks PAN-OS software earlier than PAN-OS 10.0, the DHE cipher available for use in traffic decryption improperly shares a cryptographic secret across multiple TLS connections, which weakens its cryptographic strength. This is a prerequisite for successful exploitation...

3.7 CVSS · 2.4 AI score · 0.04781 EPSS
Exploits 0 · References 2

CNNVD
added 2021/10/13 12:0 a.m. · 3 views

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS contains a security vulnerability that originates from a mismanagement of privileg...

7.1 CVSS · 7.1 AI score · 0.00201 EPSS
Exploits 0 · References 5

OSV
added 2021/10/12 4:5 p.m. · 13 views

GHSA-Q324-Q795-2Q5P Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name

Impact: `preview-docs` command allows path traversal if current working dir contains files with question mark `?` in name and attacker knows the name. Patches: It was patched starting from 1.0.0-beta.59. Workarounds: Do not run `openapi-cli preview-docs` command in the folder which contains files with...

7.2 AI score
Exploits 0 · References 3

CISA
added 2021/10/12 12:0 a.m. · 13 views

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...

6.7 AI score
Exploits 0 · References 7

CNVD
added 2021/10/12 12:0 a.m. · 13 views

Lancom Lcos has an unspecified vulnerability

Lancom Lcos is a Lancom operating system built for Lancom routers, wireless by Lancom Greece. Versions 10.40 to 10.42.0473-RU3 of LCOS contain a security vulnerability that could be exploited by an attacker to change the root user password via the CLI...

8.8 CVSS · 4.6 AI score · 0.01066 EPSS
Exploits 0 · References 1

Adobe
added 2021/10/12 12:0 a.m. · 36 views

APSB21-88 Security update available for Adobe ops-cli

Adobe has released an update for Adobe ops-cli. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...

10 CVSS · 10 AI score · 0.09219 EPSS
Exploits 0 · Affected Software 1

vulnersOsv
added 2021/10/11 3:10 p.m. · 5 views

@questwork/authenticator (>=0.1.0 <=0.1.5), @questwork/qw-service-tools (>=0.0.8 <=0.1.4) +22 more potentially affected by CVE-2021-23561 via comb (>=0.0.6 <=2.0.0)

comb NPM version =0.0.6, =0.1.0, =0.0.8, =0.0.1, =1.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-23561 Source advisory: SNYK:JS-COMB-1730083...

9.8 CVSS · 7.2 AI score · 0.01171 EPSS
Exploits 1