CVE-2020-3602 Cisco StarOS Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this...
CVE-2020-3602
CVE-2020-3602 affects Cisco StarOS on Cisco ASR 5000 Series routers. The issue stems from insufficient input validation in the CLI, allowing an authenticated, local attacker with valid credentials to craft CLI commands and execute arbitrary code with root privileges. Documents consistently descri...
CVE-2020-3601
CVE-2020-3601 affects Cisco StarOS on ASR 5000 Series Routers. The vulnerability arises from insufficient input validation in the CLI, enabling an authenticated, local attacker with administrative credentials to execute arbitrary code with root privileges. Reports describe privilege escalation by...
CVE-2020-3601 Cisco StarOS Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this...
Cisco StarOS Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this...
@amazingcat/amazing-iohook (>=8.2.3 <=8.3.3), @donmahallem/trapeze-client-desktop (=5.1.1) +15 more potentially affected by CVE-2020-15174 via electron (>=8.0.0-beta.1 <=8.5.0)
electron NPM version =8.0.0-beta.1, =8.2.3, =8.0.0, =0.1.0, =4.0.0-beta.1, =1.0.1, =1.7.0, =1.0.3, =1.0.5, =0.0.1, =1.1.35, =1.1.51 and more Source cves: CVE-2020-15174 Source advisory: OSV:GHSA-2Q4G-W47C-4674...
[SECURITY] Fedora 33 Update: podman-2.1.1-10.fc33
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a GNU GRUB2 security vulnerability (CVE-2020-10713)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in GNU GRUB2 that could allow a local authenticated attacker to execute arbitrary code on the system. CVE-2020-10713 Vulnerability Details CVEID: CVE-2020-10713 Description: GNU GRUB2 could allow a local authenticated...
[SECURITY] Fedora 32 Update: podman-2.1.1-7.fc32
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
Security Bulletin: A Node.js npm CLI module vulnerability affects IBM® SDK for Node.js™ in IBM Cloud (CVE-2020-15095)
Summary There is a vulnerability which could allow a local attacker to obtain sensitive information in the Node.js npm CLI module that is used in IBM® SDK for Node.js™ in IBM Cloud. Vulnerability Details CVEID: CVE-2020-15095 DESCRIPTION: Node.js npm CLI module could allow a local attacker to...
@amphro/streamer (>=0.0.0 <=1.0.1), @appirio/demo-scoped-pkg (>=2.4.1 <=2.8.0) +297 more potentially affected by CVE-2020-7777 via jsen (>=0.1.2 <=0.6.6)
jsen NPM version =0.1.2, =0.0.0, =2.4.1, =0.5.9, =0.1.0, =1.0.0, =0.6.9, =1.0.0, =1.0.0, =1.0.0, =2.2.3, =0.0.1, =0.1.0, =0.0.7, =1.4.0, =13.6.18 and more Source cves: CVE-2020-7777 Source advisory: SNYK:JS-JSEN-1014670...
AZL-41684 CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"], which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
Node.js third-party modules: [zenn-cli] Path traversal on Windows allows the attacker to read arbitrary .md files
Summary I would like to report path traversal in zenn-cli. It allows the attacker to read arbitrary .md files. Module module name: zenn-cli version: 0.1.39 npm page: https://www.npmjs.com/package/zenn-cli Module Description Manage Zenn content locally 👩💻 Module Stats 885 weekly downloads...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-15095)
Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js CVE-2020-15095 Vulnerability Details Third Party Entry: 184667 DESCRIPTION: Node.js npm-registry-fetch module information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...
Brocade Fabric OS Information Disclosure Vulnerability (CNVD-2021-28348)
Brocade Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Brocade in the United States. An information disclosure vulnerability exists in Brocade Fabric OS. The vulnerability stems from the Supportlink CLI in Fabric OS not obfuscating the...
CVE-2020-15369
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remo...