Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2020-8559)
Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that could enable a privilege escalation from a compromised node (CVE-2020-8559). Vulnerability Details: CVEID: CVE-2020-8559. Description: Kubernetes kube-apiserver could allow a remote...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2019-11254)
Summary: Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could lead to a denial of service vulnerability from malicious YAML payloads (CVE-2019-11254). Vulnerability Details: CVEID: CVE-2019-11254. Description: Kubernetes is vulnerable to a denia...
A vulnerability in the command-line interface (CLI) of the vManage web interface for Cisco SD-WAN software-defined networks allows a malicious actor to execute arbitrary commands with root privileges.
The vulnerability in the command-line interface (CLI) of the vManage web interface for the Cisco SD-WAN network is due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with root privileges...
[ASA-202007-2] wireshark-cli: denial of service
Arch Linux Security Advisory ASA-202007-2. Severity: Low; Date: 2020-07-18; CVE-ID: CVE-2020-15466; Package: wireshark-cli; Type: denial of service; Remote: Yes; Link: https://security.archlinux.org/AVG-1198. Summary: The package wireshark-cli before...
CVE-2020-1643
Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By...
CVE-2020-1643
CVE-2020-1643 affects Juniper Networks Junos OS on EX2300/EX3400 devices with ARM processors. The issue arises when executing specific CLI commands (show ospf interface extensive/detail) with OSPF authentication enabled, which can crash the routing protocols daemon (RPD) and cause a DoS through r...
CVE-2020-3388
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating t...
CVE-2020-3380
A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an...
Input validation
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating t...
Design/Logic Flaw
A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an...
CVE-2020-3388 Cisco SD-WAN vManage Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating t...
CVE-2020-3380 Cisco Data Center Network Manager Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an...
CVE-2020-3380
CVE-2020-3380 concerns Cisco Data Center Network Manager (DCNM). The issue is a privilege escalation in the DCNM CLI: an authenticated, local attacker could exploit insufficient restrictions on an affected CLI command to elevate to root and execute arbitrary OS commands. The path described involv...
CVE-2020-6164
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to...
Path traversal
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to...
CVE-2020-6164
CVE-2020-6164 (SilverStripe) affects SilverStripe up to version 4.5.0. A preconfigured URL path in the silverstripe/framework module can disclose that a domain is hosting a SilverStripe application. The impact is information disclosure about the existence of the platform; the path’s functionality...
Cisco Data Center Network Manager Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an...