
8000 matches found

OSV
added 2020/12/10 6:15 a.m., 1 views

CVE-2020-12594

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4...

CVSS 7.2, AI score 7.1, EPSS 0.01492
Exploits 0, References 1

vulnersOsv
added 2020/12/08 1:2 p.m., 2 views

eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 via multi-ini (=2.1.0)

multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...

CVSS 9.8, AI score 7.2, EPSS 0.01425
Exploits 1

OSV
added 2020/11/29 1:15 a.m., 4 views

CVE-2020-29378

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user to full administrative access by using the password !j@ly$z%x6x7q8c9z for the...

CVSS 8.8, AI score 7.3, EPSS 0.01075
Exploits 0, References 1

Prion
added 2020/11/29 1:15 a.m., 11 views

Command injection

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user to full administrative access by using the password !j@ly$z%x6x7q8c9z for the...

CVSS 9, AI score 8.7, EPSS 0.01075
Exploits 0, References 1, Affected Software 5

Prion
added 2020/11/29 1:15 a.m., 20 views

Command injection

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...

CVSS 10, AI score 9.4, EPSS 0.02321
Exploits 0, References 1, Affected Software 5

CNNVD
added 2020/11/28 12:0 a.m., 3 views

V-SOL Security Vulnerabilities

V-Solution V1600D is a Gpon-enabled terminal device for connecting fiber optic trunks. V-Solution V1600D4L is a Gpon-enabled terminal device for connecting fiber optic trunks. V-Solution V1600D-MINI is a Gpon-enabled terminal device for connecting fiber optic trunks. V-Solution V1600G1 is a...

CVSS 9, AI score 7.3, EPSS 0.01075
Exploits 0, References 2

Tenable Nessus
added 2020/11/24 12:0 a.m., 24 views

Cisco SD-WAN Software Privilege Escalation (cisco-sa-vepeshlg-tJghOQcA)

According to its self-reported version, Cisco SD-WAN Software is affected by a privilege escalation vulnerability due to insufficient security controls on the CLI. An authenticated, local attacker can exploit this, by using an affected CLI utility, to gain root privileges. Please see the included...

CVSS 7.8, AI score 7.5, EPSS 0.00283
Exploits 0, References 3

0day.today
added 2020/11/20 12:0 a.m., 36 views

IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - Buffer Overflow Exploit

Exploit Title: IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec Vendor Homepage: https://www.ibm.com/support/knowledgecenter/en/SSGSG77.1.0/com.ibm.itsm.tsm.doc/welcome.html Version: 5.2.0.1...

AI score 1
Exploits 0

Citrix
added 2020/11/20 12:0 a.m., 5 views

Driver Disk for QLogic netxtreme2-7.14.29.1 (bnx2x) - For XenServer 7.x CR

Who Should Install this Driver Disk? Customers running a Citrix XenServer 7.x Current Release who use QLogic's netxtreme2 bnx2x driver and wish to use the latest version of the following: Driver Module| Version ---|--- netxtreme2 bnx2x| 7.14.29.1 Issues Resolved In this Driver Disk Includes gener...

AI score 7.1
Exploits 0

Citrix
added 2020/11/20 12:0 a.m., 8 views

Driver Disk for Intel Gigabit Ethernet Controller igb 5.3.5.20 - For XenServer 7.x CR

Who Should Install this Driver Disk? Customers running a Citrix XenServer 7.x Current Release who use Intel's igb driver and wish to use the latest version of the following: Driver Module| Version ---|--- igb| 5.3.5.20 Issues Resolved In this Driver Disk Includes general enhancements and bug fixe...

AI score 7.1
Exploits 0

Prion
added 2020/11/18 6:15 p.m., 14 views

Command injection

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

CVSS 7.2, AI score 7.8, EPSS 0.00788
Exploits 0, References 1, Affected Software 1

Cisco
added 2020/11/18 4:0 p.m., 43 views

Cisco Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

CVSS 5.3, AI score 6.9, EPSS 0.00788
Exploits 0, References 1

Gitee
added 2020/11/18 2:28 a.m., 3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment. The target product/service or framework is docker-compose, the vulnerability class/vector is not...

AI score 7.7
Exploits 0

OpenVAS
added 2020/11/18 12:0 a.m., 17 views

Fedora: Security Advisory for mediainfo (FEDORA-2020-dec3658f55)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8, AI score 7.7, EPSS 0.01083
Exploits 1, References 2

Tenable Nessus
added 2020/11/18 12:0 a.m., 45 views

Fortinet FortiOS < 6.2.5 Clear Text Information Disclosure (FG-IR-20-009)

According to its self-reported version number, the remote host is running a version of FortiOS prior to 6.2.5. It, therefore, is vulnerable to information disclosure from data stored in clear text that can be accessed via specific commands run on FortiOS' CLI. An authenticated, remote attacker...

CVSS 6.5, AI score 6.6, EPSS 0.00569
Exploits 0, References 2

Fedora
added 2020/11/17 1:14 a.m., 26 views

[SECURITY] Fedora 32 Update: mediainfo-20.09-1.fc32

MediaInfo CLI Command Line Interface. What information can I get from MediaInfo? General: title, author, director, album, track number, date, duration... Video: codec, aspect, fps, bitrate... Audio: codec, sample rate, channels, language, bitrate... Text: language of subtitle Chapters: number of...

CVSS 7.8, AI score 3.2, EPSS 0.01083
Exploits 1

BDU FSTEC
added 2020/11/17 12:0 a.m., 4 views

The vulnerability of the command-line interface (CLI) of the programmatically defined Cisco SD-WAN network allows an attacker to increase their privileges.

The vulnerability of the command-line interface CLI of Cisco SD-WAN software-defined networks is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.8, AI score 7.2, EPSS 0.00283
Exploits 0, References 2, Affected Software 1

Tenable Nessus
added 2020/11/13 12:0 a.m., 21 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.17 / 9.0.x < 9.0.11 / 9.1.x < 9.1.2 Information Exposure Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.17 or 9.0.x prior to 9.0.11 or 9.1.x prior to 9.1.2. It is, therefore, affected by a vulnerability. - An information exposure through log file vulnerability exists where the password for the configured syste...

CVSS 3.3, AI score 5, EPSS 0.0034
Exploits 0, References 3

Tenable Nessus
added 2020/11/13 12:0 a.m., 29 views

Cisco IOS XE Software IOx Application Hosting Privilege Escalation (cisco-sa-iosxe-iox-app-host-mcZcnsBt)

According to its self-reported version, Cisco IOS XE Software is affected by a privilege escalation vulnerability in the application-hosting subsystem due to incomplete input validation of the user payload of CLI commands and improper role-based access control when commands are issued at the...

CVSS 7.8, AI score 8, EPSS 0.00342
Exploits 0, References 4

NVD
added 2020/11/12 12:15 a.m., 26 views

CVE-2020-2048

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17...

CVSS 3.3, AI score 3.8, EPSS 0.0034
Exploits 0, References 1