
8005 matches found

Gentoo Linux
added 2021/07/10 12:0 a.m. | 116 views

runC: Container breakout

Background: runC is a CLI tool for spawning and running containers according to the OCI specification. Description: A vulnerability in runC could allow an attacker to achieve privilege escalation if specific mount configuration prerequisites are satisfied. Impact: An attacker may be able to escalati...

CVSS 8.5 | AI score 8.5 | EPSS 0.06604
Exploits: 0

NVD
added 2021/07/09 7:15 p.m. | 16 views

CVE-2021-26106

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

CVSS 7.8 | EPSS 0.00295
Exploits: 0 | References: 1

Prion
added 2021/07/09 7:15 p.m. | 16 views

Command injection

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

CVSS 4.6 | AI score 7.8 | EPSS 0.00295
Exploits: 0 | References: 1 | Affected Software: 3

Vulnrichment
added 2021/07/09 6:26 p.m. | 12 views

CVE-2021-26106

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

CVSS 7.8 | AI score 7.4 | EPSS 0.00295
Exploits: 0 | References: 1

CBLMariner
added 2021/07/08 9:57 p.m. | 19 views

CVE-2021-21284 affecting package moby-cli 19.03.15-2

CVE-2021-21284 affecting package moby-cli 19.03.15-2. An upgraded version of the package is available that resolves this issue...

CVSS 6.8 | AI score 9.4 | EPSS 0.01065
Exploits: 0

CBLMariner
added 2021/07/08 9:57 p.m. | 22 views

CVE-2021-21285 affecting package moby-cli 19.03.15-2

CVE-2021-21285 affecting package moby-cli 19.03.15-2. An upgraded version of the package is available that resolves this issue...

CVSS 6.5 | AI score 9.4 | EPSS 0.03287
Exploits: 0

NVD
added 2021/07/08 4:15 p.m. | 15 views

CVE-2021-29711

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965...

CVSS 4.9 | EPSS 0.00642
Exploits: 0 | References: 2

Prion
added 2021/07/08 4:15 p.m. | 16 views

Code injection

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965...

CVSS 4 | AI score 4.4 | EPSS 0.00642
Exploits: 0 | References: 2

Cvelist
added 2021/07/08 4:10 p.m. | 17 views

CVE-2021-29711

IBM UrbanCode Deploy UCD 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965...

CVSS 4.9 | AI score 4.5 | EPSS 0.00642
Exploits: 0 | References: 2

CVE
added 2021/07/08 4:10 p.m. | 47 views

CVE-2021-29711

CVE-2021-29711 affects IBM UrbanCode Deploy (UCD) versions including 6.2.7.3/4/8/9, 7.0.3.0/4.0/5.4, 7.1.0.0/1.0/1.1/1.2, and 7.1.1.x. The IBM security bulletin notes that an authenticated user with certain permissions could initiate an agent upgrade through the CLI interface, due to inconsistent...

CVSS 4.9 | AI score 4.3 | EPSS 0.00642
Exploits: 0 | References: 2 | Affected Software: 1

Fortinet
added 2021/07/07 12:0 a.m. | 20 views

FortiWAN - OS command injection leads to privilege escalation

An OS command injection CWE-78 vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command...

AI score 6 | EPSS 0.00788
Exploits: 0 | Affected Software: 1

Fortinet
added 2021/07/07 12:0 a.m. | 34 views

FortiAP - OS command Injection through kdbg CLI command

An instance of improper neutralization of special elements used in an OS Command found in FortiAP's console may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

CVSS 4.6 | AI score 7.7 | EPSS 0.00295
Exploits: 0 | Affected Software: 3

NVD
added 2021/06/30 11:15 a.m. | 18 views

CVE-2021-30648

The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...

CVSS 9.8 | EPSS 0.01447
Exploits: 0 | References: 1

Prion
added 2021/06/30 11:15 a.m. | 14 views

Authentication flaw

The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...

CVSS 9 | AI score 9.8 | EPSS 0.01447
Exploits: 0 | References: 1 | Affected Software: 8

CVE
added 2021/06/30 10:40 a.m. | 49 views

CVE-2021-30648

CVE-2021-30648 affects Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles, enabling an unauthenticated authentication bypass that allows arbitrary CLI commands, viewing/modifying appliance configuration and policy, and shutdown/restart. Affected products: ASG and ProxySG. ...

CVSS 9.8 | AI score 9.9 | EPSS 0.01447
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/06/30 10:40 a.m. | 24 views

CVE-2021-30648

The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...

AI score 10 | EPSS 0.01447
Exploits: 0 | References: 1

Symantec
added 2021/06/29 3:32 p.m. | 118 views

Authentication Bypass in ASG and ProxySG

Summary: The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...

CVSS 10 | AI score 1.5 | EPSS 0.02665
Exploits: 0 | Affected Software: 2

Rockylinux
added 2021/06/29 1:44 p.m. | 14 views

nvme-cli bug fix and enhancement update

An update is available for nvme-cli. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The nvme-cli packages provide the Non-volatile Memory Express NVMe...

AI score 1.9
Exploits: 0

Oracle linux
added 2021/06/29 12:0 a.m. | 79 views

docker-engine docker-cli security update

docker-engine 19.03.11-11 - Addresses CVE-2021-30465 - updated runc minimum version to runc = 3:1.0.0-1.rc95. 19.03.11-10 - Addresses runc CVE-2021-30465 - updated runc versions in cli/vendor.conf and docker-engine/vendor.conf to 1.0.0-rc95...

CVSS 8.5 | AI score 3.4 | EPSS 0.06604
Exploits: 0

Oracle linux
added 2021/06/29 12:0 a.m. | 102 views

docker-engine docker-cli security update

docker-engine 19.03.11-11 - Addresses CVE-2021-30465 - updated runc minimum version to runc = 3:1.0.0-1.rc95. 19.03.11-10 - Addresses runc CVE-2021-30465 - updated runc versions in cli/vendor.conf and docker-engine/vendor.conf to 1.0.0-rc95...

CVSS 8.5 | AI score 3.4 | EPSS 0.06604
Exploits: 0