Lucene search

7993 matches found

vulnersOsv
added 2019/12/06 8:40 p.m. | 3 views

@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acies/core (>=1.2.89 <=1.2.215) +134 more potentially affected by CVE-2019-10769 via safer-eval (>=1.2.3 <=1.3.6)

safer-eval NPM version =1.2.3, =1.11.1, =1.2.89, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.4.4 and more Source cves: CVE-2019-10769 Source advisory: SNYK:JS-SAFEREVAL-534901...

CVSS 9.8 | AI score 7.2 | EPSS 0.02574
Exploits 1

IBM Security Bulletins
added 2019/12/06 5:49 p.m. | 32 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerability (CVE-2019-11253)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that exposes it to a denial of service attack via malicious YAML or JSON payloads CVE-2019-11253. Vulnerability Details CVE-ID: CVE-2019-11253 Description: The Kubernetes API server is...

CVSS 7.5 | AI score 0.3 | EPSS 0.25939
Exploits 2 | Affected Software 1

Tenable Nessus
added 2019/12/04 12:0 a.m. | 30 views

Cisco FXOS Software Command Injection (cisco-sa-20190306-nxos-cmdinj-1611)

According to its self-reported version, Cisco FXOS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to certain CLI commands. An authenticated, local attacker with valid administrator credentials can exploit this by including malicious...

CVSS 7.2 | AI score 5.9 | EPSS 0.00463
Exploits 0 | References 3

Tenable Nessus
added 2019/12/04 12:0 a.m. | 38 views

Cisco NX-OS Software Command Injection (cisco-sa-20190306-nxos-cmdinj-1611)

According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to certain CLI commands. An authenticated, local attacker with valid administrator credentials can exploit this by including malicious...

CVSS 7.2 | AI score 5.9 | EPSS 0.00463
Exploits 0 | References 6

vulnersOsv
added 2019/12/02 6:3 p.m. | 5 views

filecrawl (>=1.0.0 <=1.0.0b2), hackingtools (>=0.9.94 <=2.0.3) +2 more potentially affected by CVE-2019-19275 via typed-ast (=1.3.1)

typed-ast PYPI version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on typed-ast and may be impacted: - filecrawl =1.0.0, =0.9.94, =0.0.9, =0.0.1, =0.0.3 Source cves: CVE-2019-19275 Source advisory: OSV:GHSA-7XXV-WPXJ-MX5V...

CVSS 7.5 | AI score 7.1 | EPSS 0.03255
Exploits 0

vulnersOsv
added 2019/12/02 6:2 p.m. | 5 views

filecrawl (>=1.0.0 <=1.0.0b2), hackingtools (>=0.9.94 <=2.0.3) +2 more potentially affected by CVE-2019-19274 via typed-ast (=1.3.1)

typed-ast PYPI version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on typed-ast and may be impacted: - filecrawl =1.0.0, =0.9.94, =0.0.9, =0.0.1, =0.0.3 Source cves: CVE-2019-19274 Source advisory: OSV:GHSA-M3JW-62M7-JJCM...

CVSS 7.5 | AI score 7.1 | EPSS 0.03255
Exploits 0

Tenable Nessus
added 2019/11/29 12:0 a.m. | 74 views

Cisco IOS XE Software User EXEC Mode Root Shell Access Multiple Vulnerabilities (cisco-sa-20180328-privesc1)

According to its self-reported version, Cisco IOS XE Software is affected by multiple vulnerabilities in the CLI parser due to improper sanitization of command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with user EXEC mode access to an...

CVSS 7.8 | AI score 7.7 | EPSS 0.00503
Exploits 0 | References 6

NVD
added 2019/11/26 4:15 a.m. | 42 views

CVE-2019-15986

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input...

CVSS 7.2 | AI score 7.1 | EPSS 0.00404
Exploits 0 | References 1

Prion
added 2019/11/26 4:15 a.m. | 13 views

Input validation

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input...

CVSS 7.2 | AI score 6.8 | EPSS 0.00404
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2019/11/26 3:42 a.m. | 8 views

CVE-2019-15986 Cisco Unity Express Command Injection Vulnerability

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input...

CVSS 6.7 | AI score 7.3 | EPSS 0.00404
Exploits 0 | References 1

CVE
added 2019/11/26 3:42 a.m. | 92 views

CVE-2019-15986

CVE-2019-15986 is a Cisco Unity Express local command injection vulnerability. An authenticated, local attacker with valid administrator credentials can feed crafted CLI commands due to improper input validation, leading to arbitrary commands executed with root privileges. Cisco’s advisory confir...

CVSS 7.2 | AI score 7 | EPSS 0.00404
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/11/26 3:41 a.m. | 18 views

CVE-2019-15996 Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An...

CVSS 6.7 | AI score 6.8 | EPSS 0.00518
Exploits 0 | References 1

Vulnrichment
added 2019/11/26 3:41 a.m. | 8 views

CVE-2019-15997 Cisco DNA Spaces: Connector Command Injection Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI...

CVSS 6.7 | AI score 7.8 | EPSS 0.00729
Exploits 0 | References 1

Prion
added 2019/11/26 3:15 a.m. | 9 views

Design/Logic Flaw

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 2.1 | AI score 4.6 | EPSS 0.00288
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2019/11/26 3:11 a.m. | 25 views

CVE-2019-15288 Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE, Cisco TelePresence Codec TC, and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...

CVSS 8.8 | AI score 9 | EPSS 0.01746
Exploits 0 | References 1

Vulnrichment
added 2019/11/26 3:11 a.m. | 8 views

CVE-2019-15967 Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 4.4 | AI score 6.5 | EPSS 0.00288
Exploits 0 | References 1

CVE
added 2019/11/26 3:11 a.m. | 103 views

CVE-2019-15967

The CVE-2019-15967 issue affects Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software. A vulnerability in the CLI allows an authenticated, local attacker to enable audio recording without user notification by exploiting unnecessary debug commands and gaining unrestricted acces...

CVSS 4.4 | AI score 4.5 | EPSS 0.00288
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/11/26 3:11 a.m. | 27 views

CVE-2019-15967 Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 4.4 | AI score 4.5 | EPSS 0.00288
Exploits 0 | References 1

Tenable Nessus
added 2019/11/25 12:0 a.m. | 55 views

openSUSE Security Update : haproxy (openSUSE-2019-2556)

This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues : Security issue fixed : - CVE-2019-14241: Fixed a cookie memory corruption problem. bsc1142529 The update to 2.0.5 brings lots of features and bugfixes : - new internal native HTTP representation called HTX, was...

CVSS 7.5 | AI score 7.3 | EPSS 0.7024
Exploits 1 | References 2

NVD
added 2019/11/22 1:15 p.m. | 14 views

CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...

CVSS 6.5 | AI score 6.5 | EPSS 0.01503
Exploits 0 | References 5