7993 matches found
CVE-2019-10206
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...
CVE-2019-10206
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...
CVE-2019-10206
CVE-2019-10206 affects Ansible (various branches): 2.6.x pre-2.6.19, 2.7.x pre-2.7.13, 2.8.x pre-2.8.4. The flaw arises when prompting passwords by expanding templates, which could reveal passwords via templates/logs. Impact per sources includes potential exposure of credentials (confidentiality)...
CVE-2019-10206
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...
CVE-2019-10206
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...
CVE-2019-10206
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...
PT-2019-5737 · Fortinet · Fortimanager +1
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.2.3 and below FortiAnalyzer versions 6.2.3 and below Description: The issue is related to the use of a hard-coded cryptographic key in the CLI configuration of FortiManager and FortiAnalyzer, which may allow an attacke...
Memory corruption
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...
CVE-2019-15804
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application e.g., through CTRL+\ via SSH. The access...
CVE-2019-15804
CVE-2019-15804 affects Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending SIGQUIT to the CLI process (e.g., CTRL+\ via SSH), an undocumented menu can be triggered, exposing a "Password recovery for specific user" option. Access control blocks the menu, but it is believed to be r...
Protect
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaint text private keys of system's builtin local certificates via unsetting the keys encryption password or for user uploaded local certificates via setting an empty password. Note that backed up...
Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1776)
According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to a specific CLI command on an affected device. An authenticated, local attacker can exploit this to execute arbitrary commands on the...
Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1783)
According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to a specific CLI command on an affected device. An authenticated, local attacker can exploit this to execute arbitrary commands on the...
Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1790)
According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to certain CLI commands on an affected device. An authenticated, local attacker can exploit this to execute arbitrary commands on the...
Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1770)
According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to a specific CLI command. An authenticated, local attacker can exploit these vulnerabilities by including malicious input as the argume...
Cisco NX-OS Software Command Injection (cisco-sa-20190515-nxos-cmdinj-1735)
According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to certain CLI commands on an affected device. An authenticated, local attacker can exploit this to execute arbitrary commands on the...
Cisco NX-OS Software Command Injection (CVE-2019-1784)
According to its self-reported version, Cisco NX-OS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to a specific CLI command on an affected device. An unauthenticated, local attacker can exploit this to execute arbitrary commands on th...
Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability (cisco-sa-20191016-tele-ce-cmdinj)
According to its self-reported version, the Cisco TelePresence Collaboration Endpoint CE Cisco TelePresence Software is affected by a command injection vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this by authenticating as an...
SUSE SLED15 / SLES15 Security Update : gdb (SUSE-SU-2019:2902-1)
This update for gdb fixes the following issues : Update to gdb 8.3.1: jscECO-368 Security issues fixed : CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. bsc1142772 Upgrade libipt from v2.0 to v2.0.1. Enable librpm for version librpm.so.3...
Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE, Cisco TelePresence Codec TC, and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input...