CVE-2021-29504

WP-CLI (WordPress CLI) vulnerability CVE-2021-29504 arises from improper error handling in HTTPS requests in WP_CLI\Utils\http_request(). On TLS handshake errors, the older default disabled certificate validation, allowing a remote attacker to intercept traffic, impersonate update servers, and pu...

CVE-2021-29504 Improper Certificate Validation in WP-CLI framework

WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the...

Krane - Kubernetes RBAC Static Analysis And Visualisation Tool

Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features RBAC Risk rules - Krane...

@backstage/plugin-catalog (>=0.0.0-nightly-202011242419 <=0.2.9), @backstage/plugin-techdocs (>=0.0.0-nightly-2021242250 <=0.7.0) +2 more potentially affected by CVE-2021-32660 via @backstage/techdocs-common (>=0.0.0-nightly-20220923026 <=0.5.1)

@backstage/techdocs-common NPM version =0.0.0-nightly-20220923026, =0.0.0-nightly-202011242419, =0.0.0-nightly-2021242250, =0.0.0-nightly-2021112332, =0.0.0-nightly-2022122206, =0.8.16 Source cves: CVE-2021-32660 Source advisory: OSV:GHSA-PWHF-39XG-4RXW...

CVE-2021-1528

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this...

CVE-2021-1528

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this...

CVE-2021-1540

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

CVE-2021-1539

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

Design/Logic Flaw

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this...

Authorization

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

Authorization

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

CVE-2021-1540 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

CVE-2021-1540 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

CVE-2021-1539 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

CVE-2021-1539

CVE-2021-1539 concerns multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) that allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. The issue stems from weaknesses in the authoriza...

CVE-2021-1539 Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software StarOS could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details sectio...

CVE-2021-1528

CVE-2021-1528 affects Cisco SD-WAN Software. The vulnerability is in the CLI where access to privileged processes is not properly restricted, allowing an authenticated, local attacker to escalate privileges and potentially execute actions with root-level privileges. Impact is elevated privileges ...

CVE-2021-1528 Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this...

CVE-2021-1528 Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this...

CVE-2021-22130

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the diagnose sys cpuset with a large cpuset mask value...