8000 matches found

Packet Storm
added 2020/09/22 12:0 a.m., 489 views

Jenkins 2.56 CLI Deserialization / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins CLI Deserialization', 'Description' = %q An unauthenticated Java object deserialization vulnerability exists in the CLI component for...

7.5 CVSS, 0.4 AI score, 0.99686 EPSS
Exploits: 36

Veracode
added 2020/09/21 6:39 a.m., 17 views

Remote Code Execution (RCE)

ledger:eoan is vulnerable to remote code execution (RCE). An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a...

7.8 CVSS, 6.3 AI score, 0.01724 EPSS
Exploits: 1, References: 5, Affected Software: 1

Veracode
added 2020/09/14 3:13 a.m., 29 views

Information Disclosure

ansible is vulnerable to information disclosure. The `module_args` is not censored properly when using the check mode with `-vvv` on the CLI and causes confidential data to be exposed and read...

5.5 CVSS, 2.2 AI score, 0.00407 EPSS
Exploits: 0, References: 3, Affected Software: 1

Kitploit
added 2020/09/13 8:30 p.m., 46 views

DockerENT - The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks

DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in Python. It comes with a CLI application and clean Web Interface written with StreamLit. DockerENT has been designed keeping in mind that during deployments there weak...

7.7 AI score
Exploits: 0, References: 14

Github Security Blog
added 2020/09/11 9:9 p.m., 35 views

Malicious Package in angluar-cli

Version 0.0.3 of angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed the package attempts to remove files and stop processes related to McAfee antivirus...

3.3 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/09/11 9:9 p.m., 7 views

GHSA-8MM3-2MCJ-CX6R Malicious Package in angluar-cli

Version 0.0.3 of angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed the package attempts to remove files and stop processes related to McAfee antivirus...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2020/09/11 12:0 a.m., 21 views

Palo Alto Networks PAN-OS 8.0.x / 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.3 Information Exposure

The version of Palo Alto Networks PAN-OS running on the remote host is 8.0.x, 8.1.x prior to 8.1.16, 9.0.x prior to 9.0.10 or 9.1.x prior to 9.1.3. It is, therefore, affected by an information exposure vulnerability where an administrator's password or other sensitive information may be logged in...

4 CVSS, 5 AI score, 0.00732 EPSS
Exploits: 0, References: 2

Kitploit
added 2020/09/09 8:30 p.m., 33 views

Anchore Engine - A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification

For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore Documentation The Anchore Engine is an open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore...

7 AI score
Exploits: 0, References: 4

Prion
added 2020/09/09 5:15 p.m., 16 views

Command injection

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but...

4 CVSS, 4.1 AI score, 0.00732 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2020/09/09 4:45 p.m., 55 views

CVE-2020-2044

CVE-2020-2044 is an information-exposure issue in PAN-OS where an administrator password or other sensitive data can be logged in cleartext in opcmdhistory.log. Affected PAN-OS versions: 8.1.x before 8.1.16; 9.0.x before 9.0.10; 9.1.x before 9.1.3. The log file design change moves command history...

4 CVSS, 3.8 AI score, 0.00732 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/09/09 4:45 p.m., 20 views

CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but...

3.3 CVSS, 3.9 AI score, 0.00732 EPSS
Exploits: 0, References: 1

Broadcom
added 2020/09/08 12:0 a.m., 31 views

BSA-2020-1078

Security Advisory ID : BSA-2020-1078 Component : Supportlink CLI Revision : 2.0 Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An...

8.7 CVSS, 9.4 AI score, 0.01002 EPSS
Exploits: 0

Kitploit
added 2020/09/05 4:11 a.m., 49 views

Faraday v3.12 - Collaborative Penetration Test and Vulnerability Management Platform

There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s easy to lose trail of your efforts. In faraday you can keep track of your scanners and your team in one place, This update is focused on improving your everyday...

7.3 AI score
Exploits: 0, References: 4

OSV
added 2020/09/04 3:15 a.m., 1 views

CVE-2020-3530

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The...

8.4 CVSS, 7.2 AI score, 0.00281 EPSS
Exploits: 0, References: 1

OSV
added 2020/09/04 3:15 a.m., 2 views

CVE-2020-3473

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups withi...

7.8 CVSS, 7.1 AI score, 0.00384 EPSS
Exploits: 0, References: 1

NVD
added 2020/09/04 3:15 a.m., 19 views

CVE-2020-3473

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups withi...

7.8 CVSS, 7.8 AI score, 0.00384 EPSS
Exploits: 0, References: 1

Cvelist
added 2020/09/04 2:26 a.m., 19 views

CVE-2020-3473 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups withi...

7.8 CVSS, 7.8 AI score, 0.00384 EPSS
Exploits: 0, References: 1

CVE
added 2020/09/04 2:26 a.m., 66 views

CVE-2020-3473

CVE-2020-3473 describes a privilege-escalation vulnerability in Cisco IOS XR Software where an authenticated, local CLI shell user can elevate privileges due to an incorrect mapping of a CLI command to task groups. The attacker would authenticate to the local CLI shell and use the affected comman...

7.8 CVSS, 7.8 AI score, 0.00384 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2020/09/04 2:25 a.m., 10 views

CVE-2020-3530 Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The...

8.4 CVSS, 7 AI score, 0.00281 EPSS
Exploits: 0, References: 1

CVE
added 2020/09/04 2:25 a.m., 52 views

CVE-2020-3530

Cisco IOS XR Software contains CVE-2020-3530, a privilege-escalation flaw in task group assignment for a specific CLI command. An authenticated, local attacker with valid credentials can issue a command that should require Administrator privileges, due to an incorrect mapping in task group assign...

8.4 CVSS, 8.4 AI score, 0.00281 EPSS
Exploits: 0, References: 1, Affected Software: 1