Azure IoT CLI extension Elevation of Privilege Vulnerability

...

Microsoft Azure IoT CLI Authorization Issues Vulnerability

Microsoft Azure IoT is a centralized managed service from Microsoft Corporation USA. for bi-directional communication between IoT applications and their managed devices. An authorization issue vulnerability exists in the Microsoft Azure IoT CLI. The following products and versions are affected:...

The vulnerability of the command-line interface (CLI) of the programmatically defined Cisco SD-WAN network allows a attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the command-line interface CLI of Cisco SD-WAN software-defined networks is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to compromise the confidentiality and integrity of the protected information...

Cisco IOS XR Software Unauthorized Information Disclosure (cisco-sa-ios-infodisc-4mtm9Gyt)

According to its self-reported version, IOS-XR is affected by an information disclosure vulnerability in its CLI parser component due to insufficient application of restrictions for a specific command. An authenticated, local attacker can exploit this, by issuing a crafted command at the command...

CVE-2021-1128

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit...

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit...

Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software

Cisco-CVE-2020-3452-checker simple bash script of Cisco CVE-20...

CVE-2021-1370

CVE-2021-1370 affects Cisco IOS XR Software on Cisco 8000 Series Routers and NCS540L software images. A vulnerability in a CLI command allows an authenticated, local attacker to escalate privileges to root due to insufficient validation of command line arguments. Exploitation requires a valid acc...

CVE-2021-1370 Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Privilege Escalation Vulnerability

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker...

CVE-2021-1128

Cisco IOS XR Software contains a vulnerability in the CLI parser that could allow an authenticated, local attacker to disclose sensitive configuration information due to insufficient command-restriction handling. Affected: IOS XR CLI parser; Impact: information disclosure with HIGH confidentialit...

CVE-2021-1128 Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit...

CVE-2021-1128 Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit...

Cisco IOS XR Information Disclosure Vulnerability

Cisco IOS XR software is a modular and fully distributed network operating system for service provider networks. An information disclosure vulnerability exists in the CLI parser in Cisco IOS XR versions prior to 7.1.2, 7.2.1, and 7.3.1. The vulnerability stems from insufficient application of...

Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit...

Cisco IOS和Cisco IOS XR 权限许可和访问控制问题漏洞

Cisco IOS XR software is a modular and fully distributed network operating system for service provider networks. An information disclosure vulnerability exists in the CLI parser in Cisco IOS XR versions prior to 7.1.2, 7.2.1, and 7.3.1. The vulnerability stems from insufficient application of...

Command injection

UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command...

npos-cli (>=0.0.5 <=0.0.6) potentially affected by CVE-2020-28453 via npos-tesseract (=0.0.3)

npos-tesseract NPM version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on npos-tesseract and may be impacted: - npos-cli =0.0.5, =0.0.6 Source cves: CVE-2020-28453 Source advisory: SNYK:JS-NPOSTESSERACT-1051031...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.13 packages and security update

Red Hat OpenShift Container Platform release 4.6.13 is now available with updates to packages and images that fix several bugs. A security update for cri-o, openshift, openshift-clients, openshift-kuryr, and skopeo is now also available for Red Hat OpenShift Container Platform 4.6. Red Hat Produc...

CVE-2021-21272

ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloade...

Cisco SD-WAN vManage Information Disclosure Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An information disclosure vulnerability exists in the CLI of Cisco SD-WAN vManage versions prior to 19.2.3, which can be exploited by an attacker to read database files from the underlying...