
8000 matches found

Cisco
added 2020/08/19 4:0 p.m., 20 views

Cisco Connected Mobile Experiences Privilege Escalation Vulnerability

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An...

CVSS 6.7, AI score 3.5, EPSS 0.00386
Exploits: 0, References: 1
Cisco
added 2020/08/19 4:0 p.m., 31 views

Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability

A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected devic...

CVSS 9.8, AI score 9.5, EPSS 0.01389
Exploits: 0, References: 1
Cisco
added 2020/08/19 4:0 p.m., 23 views

Cisco Connected Mobile Experiences Restricted Shell Escape Vulnerability

A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker cou...

CVSS 5.1, AI score 1.6, EPSS 0.00282
Exploits: 0, References: 1
Tenable Nessus
added 2020/08/18 12:0 a.m., 52 views

Cisco NX-OS Software CLI to Internal Service Bypass (cisco-sa-20190515-nxos-cli-bypass)

According to its self-reported version, Cisco Unified Computing System Managed is affected by following vulnerability - A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such...

CVSS 7.8, AI score 6.3, EPSS 0.00423
Exploits: 0, References: 10
Cvelist
added 2020/08/17 6:0 p.m., 25 views

CVE-2020-3447 Cisco Email Security Appliance and Cisco Content Security Management Appliance Information Disclosure Vulnerability

A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive...

CVSS 5.5, AI score 6.3, EPSS 0.00738
Exploits: 0, References: 1
vulnersOsv
added 2020/08/17 3:6 p.m., 6 views

@supermodel/cli (>=0.45.0 <=0.48.1), @supermodel/lib (>=0.4.4 <=0.5.0) +1 more potentially affected by unknown CVE via jsonpointer (=4.0.1)

jsonpointer NPM version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on jsonpointer and may be impacted: - @supermodel/cli =0.45.0, =0.4.4, =0.0.3, =0.0.9 Source cves: unknown CVE Source advisory: SNYK:JS-JSONPOINTER-598804...

AI score 5.8
Exploits: 0
vulnersOsv
added 2020/08/17 1:52 p.m., 1 view

grunt-kevoree (>=0.3.0 <=6.0.0-alpha.1), grunt-kevoree-registry (>=3.0.0 <=4.0.0-alpha) +9 more potentially affected by CVE-2020-7724 via tiny-conf (=1.1.0)

tiny-conf NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tiny-conf and may be impacted: - grunt-kevoree =0.3.0, =3.0.0, =5.7.0, =4.0.0, =5.5.0-alpha, =0.3.0, =1.6.0, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7724...

CVSS 9.8, AI score 7.2, EPSS 0.01916
Exploits: 1
Tenable Nessus
added 2020/08/17 12:0 a.m., 111 views

Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities (cisco-sa-ios-iot-rce-xYRSeMNH)

According to its self-reported version, Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) is affected by multiple arbitrary code execution vulnerabilities, as follows: - A vulnerability in the area ...

CVSS 10, AI score 8.9, EPSS 0.04646
Exploits: 0, References: 6
vulnersOsv
added 2020/08/14 9:36 a.m., 3 views

@digiwano/enquirer-experiments (>=0.0.1 <=0.0.3), firepit (=0.0.1) +1 more potentially affected by CVE-2020-7716 via deeps (=1.4.5)

deeps NPM version =1.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on deeps and may be impacted: - @digiwano/enquirer-experiments =0.0.1, =0.0.3 - firepit =0.0.1 - rnfb-cli =1.0.0 Source cves: CVE-2020-7716 Source advisory: SNYK:JS-DEEPS-598667...

CVSS 9.8, AI score 7.2, EPSS 0.01916
Exploits: 1
Kitploit
added 2020/08/09 12:30 p.m., 112 views

Evine - Interactive CLI Web Crawler

Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...

AI score 7.4
Exploits: 0, References: 4
Cisco
added 2020/08/05 4:0 p.m., 28 views

Cisco Email Security Appliance and Cisco Content Security Management Appliance Information Disclosure Vulnerability

A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive...

CVSS 5.5, AI score 1.1, EPSS 0.00738
Exploits: 0, References: 1
vulnersOsv
added 2020/07/29 4:26 p.m., 1 view

@architect-io/cli (>=0.3.13 <=0.5.2-rc.7), @mishguru/logview-cli (>=4.0.0 <=4.6.0) +8 more potentially affected by CVE-2020-15125 via auth0 (>=0.8.5 <=2.25.1)

auth0 NPM version =0.8.5, =0.3.13, =4.0.0, =0.0.34, =3.1.0, =0.0.0, =0.1.0, =0.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2020-15125 Source advisory: OSV:GHSA-5JPF-PJ32-XX53...

CVSS 7.7, AI score 7.1, EPSS 0.01539
Exploits: 0
Prion
added 2020/07/28 3:15 p.m., 12 views

Command injection

rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n,...

CVSS 7.5, AI score 9.4, EPSS 0.02083
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/07/28 2:46 p.m., 17 views

CVE-2020-13917

rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n,...

AI score 9.5, EPSS 0.02083
Exploits: 0, References: 1
CVE
added 2020/07/28 2:46 p.m., 45 views

CVE-2020-13917

CVE-2020-13917 affects Ruckus Wireless Unleashed devices (models including C110, E510, H320, H510, M510, R320/R310/R500/R510/R600/R610/R710/R720/R750, T300/T301n/T301s/T310c/T310d/T310n/T310s/T610/T710/T710s) via rkscli. The root cause is a command-injection vulnerability in the CLI exposed by cr...

CVSS 9.8, AI score 9.4, EPSS 0.02083
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2020/07/28 12:0 a.m., 8 views

OSV-2020-1365 UNKNOWN READ in cli_vba_readdir_new

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24354 Crash type: UNKNOWN READ Crash state: clivbareaddirnew clivbascandirnew cliscanole2...

AI score 7.2
Exploits: 0, References: 1
OSV
added 2020/07/27 10:51 p.m., 23 views

GHSA-HX5G-8HQ2-8X4W SQL Injection in Kylin

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain REST API, which makes SQL injection attack possible. Users of all previous versions after 2.0...

CVSS 9.8, AI score 9.8, EPSS 0.0195
Exploits: 0, References: 4
vulnersOsv
added 2020/07/27 4:2 p.m., 4 views

chatc-cli (>=0.1.7 <=0.1.9), fast-http-cli (>=0.0.1 <=0.0.8) potentially affected by CVE-2020-7687 via fast-http (>=0.1.2 <=0.1.3)

fast-http NPM version =0.1.2, =0.1.7, =0.0.1, =0.0.8 Source cves: CVE-2020-7687 Source advisory: OSV:GHSA-7PHR-5M9X-RW9Q...

CVSS 7.5, AI score 7.1, EPSS 0.01761
Exploits: 1
IBM Security Bulletins
added 2020/07/24 9:16 p.m., 16 views

Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI

Summary Default embedded CF CLI in IBM Cloud CLI version prior to 0.20.0 contains a security vulnerability which might expose customer credentials. Vulnerability Details CVEID: CVE-2019-3800 DESCRIPTION: CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret t...

CVSS 7.8, AI score 0.6, EPSS 0.02088
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/07/24 9:16 p.m., 13 views

Security Bulletin: Windows installers of IBM Cloud CLI prior to 0.16.2 are signed using SHA1 certificate

Summary IBM Cloud CLI prior to 0.16.2 Windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate an installer with malicious software inside. Vulnerability Details CVEID: CVE-2019-4427 DESCRIPTION: IBM Cloud CLI Windows installers are...

CVSS 7.5, AI score 1.9, EPSS 0.00488
Exploits: 0, Affected Software: 1