CVE-2021-39135
@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...
433bf (=0.0.1), @achinet/nestjs-async (=0.0.1) +147 more potentially affected by CVE-2021-39134 via @npmcli/arborist (>=0.0.0-pre.10 <=2.10.0)
@npmcli/arborist NPM version =0.0.0-pre.10, =1.2.0, =8.1.0, =1.1.0-next.4, =0.2.7, =0.13.0, =0.0.1, =0.0.1, =0.0.29, =1.1.0-rc.283, =1.1.0-rc.282, =1.1.0-rc.292 and more Source cves: CVE-2021-39134 Source advisory: OSV:GHSA-2H3H-Q99F-3FHC...
Node.js -- August 2021 Security Releases (2)
Node.js reports: npm 6 update - node-tar, arborist, npm cli modules. These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal...
openSUSE 15 Security Update : aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (openSUSE-SU-2021:1206-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1206-1 advisory. - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control...
openSUSE: Security Advisory for aws-cli, (openSUSE-SU-2021:1206-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
aquamarine-vm (>=0.1.0 <=0.5.2), ashpaper-plus (>=0.5.0 <=0.5.1) +140 more potentially affected by CVE-2021-32629 via cranelift-codegen (>=0.14.0 <=0.72.0)
cranelift-codegen CARGO version =0.14.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.2.9, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.26.1, =0.13.2, =0.8.0, =0.14.0, =0.14.0, =0.66.0 and more Source cves: CVE-2021-32629 Source advisory: OSV:GHSA-HPQH-2WQX-7QP5...
ckb-analyzer (>=0.37.0 <=0.39.2), ckb-app-config (>=0.37.0 <=0.100.0-rc2) +60 more potentially affected by CVE-2021-45697 via molecule (>=0.2.5 <=0.7.1)
molecule CARGO version =0.2.5, =0.37.0, =0.37.0, =0.4.0, =0.37.0, =0.37.0, =0.37.0, =0.40.0, =0.40.0, =0.37.0, =0.37.0, =0.37.0, =0.37.0, =0.1.0, =0.37.0, =0.39.1 and more Source cves: CVE-2021-45697 Source advisory: OSV:GHSA-82HM-VH7G-HRH9...
addr2line (=0.6.0), backtrace (>=0.3.6 <=0.3.9) +11 more potentially affected by CVE-2021-25901 via lazy-init (>=0.1.1 <=0.3.0)
lazy-init CARGO version =0.1.1, =0.3.6, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =0.4.0, =0.4.0, =0.2.0, =0.2.0, =0.1.0, =0.1.0, =0.3.0 Source cves: CVE-2021-25901 Source advisory: OSV:GHSA-W47J-HQPF-QW9W...
CLI-game-of-life (=0.1.0), RustyBox (=0.1.0) +1581 more potentially affected by CVE-2020-35922 via mio (=0.7.14)
mio CARGO version =0.7.14 is affected by a known vulnerability. The following packages have a transitive dependency on mio and may be impacted: - CLI-game-of-life =0.1.0 - RustyBox =0.1.0 - RustyVault =0.1.0, =0.1.0, =2.0.0-beta.1, =0.1.0, =0.9.0, =0.9.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 and more...
CVE-2021-1584
Cisco Nexus 9000 Series Fabric Switches operating in Application Centric Infrastructure (ACI) mode are affected by CVE-2021-1584. The flaw arises from insufficient restrictions during the execution of a specific CLI command, enabling an authenticated, local attacker with administrative privileges...
CVE-2021-33886
An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as t...
openSUSE: Security Advisory for aws-cli, (openSUSE-SU-2021:2817-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
OPENSUSE-SU-2021:2817-1 Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
This patch updates the Python AWS SDK stack in SLE 15: General: aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all change...
SUSE-SU-2021:2817-1 Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
This patch updates the Python AWS SDK stack in SLE 15: General: aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all change...
@aeternity/aeproject (>=3.0.4 <=3.0.5), @berlinvege/fedockerjs (>=1.0.4 <=1.0.5) +95 more potentially affected by CVE-2021-23732 via docker-cli-js (>=1.0.9 <=2.9.0)
docker-cli-js NPM version =1.0.9, =3.0.4, =1.0.4, =0.0.10, =1.0.0, =0.0.1, =0.0.1, =1.0.710, =0.1.0, =3.0.28, =3.0.29, =0.0.1, =0.8.6, =1.0.0, =1.0.2 and more Source cves: CVE-2021-23732 Source advisory: SNYK:JS-DOCKERCLIJS-1568516...
CVE-2021-39291
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800...
Design/Logic Flaw
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800...
CVE-2021-39291
CVE-2021-39291 affects NetModule Router Software (NRSW) across multiple NB series devices. Vulnerability: credentials can be exposed via GET parameters to the CLI-PHP interface, on NetModule NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3...