
8005 matches found

Cisco
added 2021/03/24 4:0 p.m. · 68 views

Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this...

CVSS 4.4 · AI score 5.3 · EPSS 0.0023
Exploits: 0 · References: 1
Cisco
added 2021/03/24 4:0 p.m. · 58 views

Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerabilit...

CVSS 5.1 · AI score 5.6 · EPSS 0.00275
Exploits: 0 · References: 1
Cisco
added 2021/03/24 4:0 p.m. · 127 views

Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...

CVSS 7.8 · AI score 7.7 · EPSS 0.0022
Exploits: 0 · References: 1
Cisco
added 2021/03/24 4:0 p.m. · 57 views

Cisco IOS XE SD-WAN Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 4.4 · AI score 4.5 · EPSS 0.00313
Exploits: 0 · References: 1
CNNVD
added 2021/03/24 12:0 a.m. · 2 views

Cisco IOS XE SD-WAN Software Parameter Injection Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A parameter injection vulnerability exists in the CLI for SD-WAN on Cisco IOS XE. The vulnerability stems from insufficient input validation of certain CLI commands. An attacker...

CVSS 7.2 · AI score 6.7 · EPSS 0.0028
Exploits: 0 · References: 3
CNNVD
added 2021/03/24 12:0 a.m. · 3 views

Cisco IOS XE SD-WAN Software Resource Management Error Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in the CLI management for SD-WAN in Cisco IOS XE. The vulnerability stems from a problem with the way the software handles concurren...

CVSS 6.9 · AI score 6.7 · EPSS 0.00275
Exploits: 0 · References: 3
Positive Technologies
added 2021/03/24 12:0 a.m. · 2 views

PT-2021-2454 · Cisco · Cisco Ios Xe Sd-Wan +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE SD-WAN Software (affected versions not specified). Description: The issue exists due to insufficient input validation of certain CLI commands, allowing an authenticated, local attacker to access the underlying operating system with...

CVSS 7.2 · AI score 6.3 · EPSS 0.00592
Exploits: 1 · References: 6
Positive Technologies
added 2021/03/24 12:0 a.m. · 4 views

PT-2021-2507 · Cisco · Cisco Ios Xe Sd-Wan +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE SD-WAN Software (affected versions not specified). Description: A vulnerability in CLI management could allow an authenticated, local attacker to access the underlying operating system as the root user. This issue is due to the way...

CVSS 6.9 · AI score 6.1 · EPSS 0.00275
Exploits: 0 · References: 4
IBM Security Bulletins
added 2021/03/22 12:47 p.m. · 28 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2021-21334)

Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd that could allow containers using the same image to share environment variables (CVE-2021-21334). Vulnerability Details: CVEID: CVE-2021-21334. In containerd (an industry-standard container runtime) before...

CVSS 6.3 · AI score 0.1 · EPSS 0.02044
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2021/03/22 12:0 a.m. · 5 views

PT-2021-2729 · Microsoft · Ms-Rest-Nodeauth

Name of the Vulnerable Software and Affected Versions: ms-rest-nodeauth library (affected versions not specified). Description: The issue is related to the implementation of the execAz function in the authentication library for Azure services, which fails to neutralize special elements used in...

CVSS 7.8 · AI score 7.3 · EPSS 0.01956
Exploits: 0 · References: 9
OpenVAS
added 2021/03/20 12:0 a.m. · 12 views

Fedora: Security Advisory for kde-cli-tools (FEDORA-2021-85c9774673)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 7.6 · EPSS 0.01563
Exploits: 0 · References: 2
vulnersOsv
added 2021/03/19 8:14 p.m. · 1 views

@arpinum/backend (>=0.0.3 <=0.0.65), @austbot/wallet-sdk (=1.0.0-beta.21) +135 more potentially affected by CVE-2021-21267 via schema-inspector (>=1.4.2 <=1.7.0)

schema-inspector NPM version =1.4.2, =0.0.3, =0.1.0, =0.1.5, =0.1.1, =0.0.3, =0.0.1, =1.0.0, =3.2.7, =3.3.4, =0.0.3, =2.0.0, =0.0.1, =4.1.2 and more Source cves: CVE-2021-21267 Source advisory: OSV:GHSA-F38P-C2GQ-4PMR...

CVSS 7.5 · AI score 7.1 · EPSS 0.0209
Exploits: 1
Kitploit
added 2021/03/16 8:30 p.m. · 114 views

SnitchDNS - Database Driven DNS Server With A Web UI

SnitchDNS is a database-driven DNS server with a Web UI, written in Python and Twisted, that makes DNS administration easier, with all configuration changes applied instantly without restarting any system services. One of its main features is the logging of all DNS queries allowing the discovery o...

AI score 7.6
Exploits: 0 · References: 8
Veracode
added 2021/03/16 12:20 p.m. · 6 views

Prototype Pollution

cli-table is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes of the function option and modify attributes such as __proto__, constructor and prototype...

AI score 4
Exploits: 0
Tenable Nessus
added 2021/03/16 12:0 a.m. · 38 views

Cisco IOS XR Software for 8000 Series Routers Network Convergence System 540 Series Routers Privilege Escalation (cisco-sa-iosxr-pe-QpzCAePe)

According to its self-reported version, Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images is affected by a privilege escalation vulnerability in its CLI command due to insufficient validation of command line...

CVSS 7.8 · AI score 7.5 · EPSS 0.00379
Exploits: 0 · References: 3
Huntr
added 2021/03/10 4:44 p.m. · 15 views

Code Injection in prayag2/konsave

✍️ Description: konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command, which is vulnerable to a YAML deserialization attack caused by unsafe loading, leading to Arbitrary Code Execution. 🕵️‍♂️ Proof of Concept: Installation bash pip install konsave...

AI score 2.3
Exploits: 0 · References: 2
Microsoft Secure
added 2021/03/09 5:0 p.m. · 20 views

Azure LoLBins: Protecting against the dual use of virtual machine extensions

Azure Defender for Resource Manager offers unique protection by automatically monitoring the resource management operations in your organization, whether they're performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. In this blog, we will look into the...

AI score 8
Exploits: 0
vulnersOsv
added 2021/03/05 5:36 p.m. · 2 views

@apollosproject/apollos-cli (>=2.43.1 <=3.0.0-canary.57), @apollosproject/react-native-make (>=3.0.4 <=3.0.5) +22 more potentially affected by CVE-2021-29060 via color-string (>=1.2.0 <=1.5.3)

color-string NPM version =1.2.0, =2.43.1, =3.0.4, =3.0.2, =1.0.0, =2.1.2, =3.0.1, =2.4.0, =3.2.4, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.3, =0.0.0, =0.0.7 and more Source cves: CVE-2021-29060 Source advisory: SNYK:JS-COLORSTRING-1082939...

CVSS 5.3 · AI score 6.7 · EPSS 0.03134
Exploits: 1
Cvelist
added 2021/03/05 4:8 p.m. · 14 views

CVE-2021-26963

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could...

AI score 7.5 · EPSS 0.02887
Exploits: 0 · References: 1
OSV
added 2021/03/04 9:15 p.m. · 4 views

AZL-39352 CVE-2021-24032 affecting package ceph for versions less than 16.2.10-3

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...

CVSS 4.7 · AI score 6.2 · EPSS 0.00346
Exploits: 0 · References: 1