8029 matches found
Improper Certificate Validation in WP-CLI framework
Description Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including...
Improper Certificate Validation in WP-CLI framework
Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...
openSUSE: Security Advisory for syncthing (openSUSE-SU-2021:0688-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0713-1 Security update for syncthing
This update for syncthing fixes the following issues: Update to 1.15.0/1.15.1 This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages CVE-2021-21404; see GHSA-x462-89pf-6r5h. boo1184428 This release updates the CLI to use...
Security update for syncthing (moderate)
openSUSE Security Update: Security update for syncthing Announcement ID: openSUSE-SU-2021:0713-1 Rating: moderate References: 1184428 Cross-References: CVE-2021-21404 CVSS scores: CVE-2021-21404 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP...
grunt-kevoree (>=0.3.0 <=6.0.0-alpha.1), grunt-kevoree-registry (>=3.0.0 <=4.0.0-alpha) +9 more potentially affected by CVE-2020-7724 via tiny-conf (=1.1.0)
tiny-conf NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tiny-conf and may be impacted: - grunt-kevoree =0.3.0, =3.0.0, =5.7.0, =4.0.0, =5.5.0-alpha, =0.3.0, =1.6.0, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7724...
BSA-2021-1495
Security Advisory ID : BSA-2021-1495 Component : CLI Revision : 1.0 Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. Affected Products Brocade...
Cisco SD-WAN Software Arbitrary File Corruption (cisco-sa-sdwan-arbfile-7Qhd9mCn)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by an arbitrary file corruption vulnerability. A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affect...
Cisco SD-WAN Software Privilege Escalation (cisco-sa-sdwan-privesc-QVszVUPy)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a privilege escalation vulnerability. A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on...
OPENSUSE-SU-2021:0688-1 Security update for syncthing
This update for syncthing fixes the following issues: Update to 1.15.0/1.15.1 This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages CVE-2021-21404; see GHSA-x462-89pf-6r5h. boo1184428 This release updates the CLI to use...
Security update for syncthing (moderate)
openSUSE Security Update: Security update for syncthing Announcement ID: openSUSE-SU-2021:0688-1 Rating: moderate References: 1184428 Cross-References: CVE-2021-21404 CVSS scores: CVE-2021-21404 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 An update...
muleify (>=2.5.7 <=4.0.5), oxe-cli (>=1.1.0 <=1.1.3) potentially affected by CVE-2020-8214 via servey (>=1.0.3 <=2.2.0)
servey NPM version =1.0.3, =2.5.7, =1.1.0, =1.1.3 Source cves: CVE-2020-8214 Source advisory: OSV:GHSA-V3PX-6CC8-F8J3...
@random-guys/coralpay-pgp (>=0.0.1 <=0.1.0), @woocommerce/components (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2020-7719 via locutus (>=2.0.10 <=2.0.11)
locutus NPM version =2.0.10, =0.0.1, =1.0.0, =1.1.0, =1.0.2, =1.0.52, =0.1.0, =0.2.1 Source cves: CVE-2020-7719 Source advisory: OSV:GHSA-F98M-Q3HR-P5WQ...
@digiwano/enquirer-experiments (>=0.0.1 <=0.0.3), firepit (=0.0.1) +1 more potentially affected by CVE-2020-7716 via deeps (=1.4.5)
deeps NPM version =1.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on deeps and may be impacted: - @digiwano/enquirer-experiments =0.0.1, =0.0.3 - firepit =0.0.1 - rnfb-cli =1.0.0 Source cves: CVE-2020-7716 Source advisory: OSV:GHSA-RGFV-V3JH-7FFP...
@chat21/chat21-server (>=0.1.0 <=0.2.54), @coaty/core (>=2.0.0 <=2.0.1) +21 more potentially affected by CVE-2020-13410 via aedes (>=0.11.1 <=0.41.0)
aedes NPM version =0.11.1, =0.1.0, =2.0.0, =2.0.101, =0.0.6, =1.6.0, =1.0.0, =0.1.0, =0.4.9-v, =0.0.1, =0.5.1, =0.0.1, =2.2.7, =1.0.2, =0.2.0, =0.2.1 and more Source cves: CVE-2020-13410 Source advisory: OSV:GHSA-GH78-48H3-FRJQ...
CVE-2021-1438
A vulnerability in Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute...
CVE-2021-1514
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...
CVE-2021-1512
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. ...
Input validation
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...
Input validation
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. ...