CVE-2020-15095 Sensitive information exposure through logs in npm cli
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
Airshare - Cross-platform Content Sharing In A Local Network
Airshare is a Python-based CLI tool and module that lets you transfer data between two machines in a local network, P2P, using Multicast-DNS. It also opens an HTTP gateway for other non-CLI external interfaces. It works completely offline! Built with aiohttp and zeroconf. Check out the demo...
@amazingcat/amazing-iohook (>=7.1.4 <=8.1.1), @barajs/electron (>=1.0.0 <=1.0.2) +30 more potentially affected by CVE-2020-15096 via electron (>=7.0.0 <=7.2.3)
electron NPM version =7.0.0, =7.1.4, =1.0.0, =0.0.3, =0.3.0, =4.0.0-alpha.3, =7.0.0, =4.0.0-alpha.1, =0.0.1, =7.0.0, =1.7.0, =7.0.0, =8.0.0, =0.31.0-alpha.2, =0.31.0-alpha.33 and more Source cves: CVE-2020-15096 Source advisory: OSV:GHSA-6VRV-94JV-CRRG...
CVE-2020-7284
Exposure of Sensitive Information in McAfee Network Security Management NSM prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface CLI...
CVE-2020-7284
McAfee Network Security Management (NSM) prior to 10.1.7.7 is affected by CVE-2020-7284: a local attacker can exploit a command-line interface weakness to access the root account by issuing crafted commands from the restricted CLI, leading to a complete confidentiality, integrity, and availabilit...
A vulnerability in the CLI component of Cisco Enterprise NFV Infrastructure Software allows an attacker to gain access to the basic operating system and rewrite or read any files they desire.
The vulnerability in the CLI component of Cisco Enterprise NFV Infrastructure Software exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to gain access to the underlying operating system and overwrite or read...
OSV-2020-670 Memcpy-param-overlap in ot::Cli::CoapSecure::Process
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12679 Crash type: Memcpy-param-overlap Crash state: ot::Cli::CoapSecure::Process ot::Cli::Interpreter::ProcessCoapSecure ot::Cli::Interpreter::ProcessLine...
OSV-2020-471 Stack-buffer-overflow in ot::Cli::Interpreter::ProcessService
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12642 Crash type: Stack-buffer-overflow WRITE Crash state: ot::Cli::Interpreter::ProcessService ot::Cli::Interpreter::ProcessLine ot::Cli::Uart::ProcessCommand...
Protect
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnalyzer may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...
CVE-2020-12041
The Baxter Spectrum WBM v17, v20D29, v20D30, v20D31, and v22D24 telnet Command-Line Interface grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to netwo...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2020-8552)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could lead to a denial of service CVE-2020-8552 Vulnerability Details CVEID: CVE-2020-8552 Description: Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improp...
docker-cli docker-engine security update
docker-cli 19.03.11-4 - added patch for registry list 19.03.11-3 - update to 19.03.11 for CVE-2020-13401 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 18.09.1-1.0.6 - disable kmem accounting for UEKR4 18.09.1-1.0.5 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes...
chatc-cli (>=0.1.7 <=0.1.9), fast-http-cli (>=0.0.1 <=0.0.8) potentially affected by CVE-2020-7687 via fast-http (>=0.1.2 <=0.1.3)
fast-http NPM version =0.1.2, =0.1.7, =0.0.1, =0.0.8 Source cves: CVE-2020-7687 Source advisory: SNYK:JS-FASTHTTP-572892...
Iox - Tool For Port Forward & Intranet Proxy
Tool for port forward & intranet proxy, just like lcx/ew, but better Why write? lcx and ew are awesome, but can be improved. when I first used them, I can't remember these complicated parameters for a long time, such as tran, slave, rcsocks, sssocks.... The work mode is clear, why do they design...
action-tracker (>=0.1.1 <=1.2.1), aye-spy (>=1.2.0 <=2.2.3) +12 more potentially affected by CVE-2020-4059 via mversion (>=1.12.0 <=1.13.0)
mversion NPM version =1.12.0, =0.1.1, =1.2.0, =1.0.0, =1.0.0, =0.0.0, =0.1.7, =2.4.18, =1.0.0, =1.1.1, =0.0.0, =0.1.0, =1.0.0 Source cves: CVE-2020-4059 Source advisory: OSV:GHSA-QJG4-W4C6-F6C6...
CVE-2020-3362
A vulnerability in the CLI of Cisco Network Services Orchestrator NSO could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability b...
CVE-2020-3236
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...
Design/Logic Flaw
A vulnerability in the CLI of Cisco Network Services Orchestrator NSO could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability b...