
8005 matches found

Cvelist
added 2021/01/15 5:36 p.m. | 14 views

CVE-2021-0219 Junos OS: Command injection vulnerability in 'request system software' CLI command

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command...

CVSS 6.7 | AI score 6.9 | EPSS 0.00704
Exploits: 0 | References: 1

Cvelist
added 2021/01/15 5:35 p.m. | 11 views

CVE-2021-0215 Junos OS: EX Series, QFX Series, SRX Branch Series, MX Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps

On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An...

CVSS 6.5 | AI score 6.7 | EPSS 0.00794
Exploits: 1 | References: 1

Cvelist
added 2021/01/15 5:35 p.m. | 38 views

CVE-2021-0202 Junos OS: MX Series, EX9200 Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak...

CVSS 7.5 | AI score 7.7 | EPSS 0.01031
Exploits: 0 | References: 1

RedHat Linux
added 2021/01/14 1:40 p.m. | 257 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Serverless Client kn 1.12.0

Red Hat OpenShift Serverless Client kn 1.12.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the C...

CVSS 7.5 | AI score 7 | EPSS 0.03813
Exploits: 2 | References: 7

CNVD
added 2021/01/14 12:0 a.m. | 7 views

Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

The Cisco AnyConnect Secure Mobility Client is a virtual private network (VPN) client for a variety of operating systems and hardware configurations. An arbitrary file read vulnerability exists in the upgrade component of the Cisco AnyConnect Secure Mobility Client, which can be exploited by a...

CVSS 5.5 | AI score 6.6 | EPSS 0.00337
Exploits: 0 | References: 1

NVD
added 2021/01/13 10:15 p.m. | 24 views

CVE-2021-1126

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. A...

CVSS 5.5 | AI score 5.2 | EPSS 0.00259
Exploits: 0 | References: 1

Prion
added 2021/01/13 10:15 p.m. | 13 views

Design/Logic Flaw

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. A...

CVSS 2.1 | AI score 5.2 | EPSS 0.00259
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2021/01/13 9:20 p.m. | 9 views

CVE-2021-1126 Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. A...

CVSS 5.5 | AI score 6.5 | EPSS 0.00259
Exploits: 0 | References: 1

CVE
added 2021/01/13 9:20 p.m. | 64 views

CVE-2021-1126

CVE-2021-1126 affects Cisco Firepower Management Center (FMC). The issue is due to plaintext storage and weak permissions of proxy-server credentials in FMC configuration files, enabling an authenticated, local attacker to view credentials by accessing the CLI. The vulnerability’s impact is an in...

CVSS 5.5 | AI score 5.2 | EPSS 0.00259
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/01/13 9:20 p.m. | 23 views

CVE-2021-1126 Cisco Firepower Management Center Information Disclosure Vulnerability

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. A...

CVSS 5.5 | AI score 5.5 | EPSS 0.00259
Exploits: 0 | References: 1

Cvelist
added 2021/01/13 9:17 p.m. | 21 views

CVE-2021-1258 Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission...

CVSS 5.5 | AI score 5.6 | EPSS 0.00337
Exploits: 0 | References: 2

Positive Technologies
added 2021/01/13 12:0 a.m. | 4 views

PT-2021-2135 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions:
Junos versions 17.3R3-S8 through 17.4R3-S2
Junos versions 18.2R3-S4 through 18.2R3-S5
Junos versions 18.3R3-S2 through 18.3R3-S3
Junos versions 18.4R3-S1 through 18.4R3-S6
Junos versions 19.2R2 through 19.2R3-S1
Junos versions 19.4R2 through...

CVSS 7.8 | AI score 7.4 | EPSS 0.01031
Exploits: 0 | References: 6

NCSC
added 2021/01/13 12:0 a.m. | 5 views

Vulnerabilities fixed in Aruba Airwave Glass

Vulnerabilities have been fixed in Aruba Airwave Glass. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution, administrator/root privileges...

CVSS 10 | AI score 7.6 | EPSS 0.07241
Exploits: 0

Fortinet
added 2021/01/04 12:0 a.m. | 122 views

Protect

An exposure of sensitive information to an unauthorized actor vulnerability in FortiGate may allow a remote authenticated attacker to read the SSL VPN events log entries of users in other VDOMs by executing "get vpn ssl monitor" from the CLI. The sensitive data includes usernames, user groups, a...

AI score 5.7 | EPSS 0.00529
Exploits: 0 | Affected Software: 1

SQLite
added 2021/01/01 12:0 a.m. | 29 views

SQLite report about CVE-2021-36690

This bug is not in the SQLite core library, but rather in an experimental extension that is used to implement the .expert command in the CLI. The code that contains the bug does not appear in standard SQLite builds, though it is included in the sqlite3.exe command-line tool. Applications must lin...

CVSS 7.5 | AI score 7.8 | EPSS 0.03898
Exploits: 1

SQLite
added 2021/01/01 12:0 a.m. | 26 views

SQLite report about CVE-2021-31239

This is a bug in the CLI. It allows a user with unrestricted shell access to cause a denial-of-service. Of course, there are a million easier ways for a user with unrestricted shell access to cause far worse mischief. The problem was in the appendvfs extension which is not a part of standard...

CVSS 7.5 | AI score 6.5 | EPSS 0.0216
Exploits: 1

RedHat Linux
added 2020/12/21 1:23 p.m. | 130 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.6.9 security and bug fix update

Red Hat OpenShift Container Platform release 4.6.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a...

CVSS 9.8 | AI score 7.2 | EPSS 0.01005
Exploits: 0 | References: 42

vulnersOsv
added 2020/12/20 4:44 p.m. | 1 view

eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 +1 more via multi-ini (=2.1.0)

multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...

CVSS 9.8 | AI score 7.2 | EPSS 0.01517
Exploits: 2

Prion
added 2020/12/18 12:15 a.m. | 15 views

Information disclosure

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerabilit...

CVSS 2.6 | AI score 4.9 | EPSS 0.02933
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2020/12/16 4:32 p.m. | 25 views

Security Bulletin: Authentication mechanism vulnerability affects IBM Connect:Direct for UNIX (CVE-2020-4747)

Summary
IBM Connect:Direct for UNIX can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods.
Vulnerability Details
CVEID: CVE-2020-4747
DESCRIPTION: IBM Connect:Direct for UNIX can allow a local or remote user to obtain an authenticated CLI...

CVSS 9.8 | AI score 0.8 | EPSS 0.02021
Exploits: 0 | Affected Software: 1