
7992 matches found

CVE
added 2019/04/10 5:31 p.m. | 44 views

CVE-2019-5424

CVE-2019-5424 affects Ubiquiti Networks EdgeSwitch X (v1.1.0 and earlier). A privileged user can execute arbitrary shell commands via the SSH CLI, enabling root-level commands. This is the stated impact in the CVE descriptions and multiple connected records. A patch/release note referenced in the...

9 CVSS | 8.9 AI score | 0.0194 EPSS
Exploits 0 | References 2 | Affected Software 1
FreeBSD
added 2019/04/10 12:0 a.m. | 64 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory. Description: (Medium) SECURITY-1289 Jenkins accepted cached legacy CLI authentication; (Medium) SECURITY-1327 XSS vulnerability in form validation button...

1.8 AI score
Exploits 0 | References 1
Cloud Foundry
added 2019/04/08 12:0 a.m. | 44 views

CVE-2019-3786: BBR could run arbitrary scripts on deployment VMs | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: BOSH Backup and Restore, all versions prior to v1.5.0. Description: Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote...

7.7 CVSS | 6.9 AI score | 0.00592 EPSS
Exploits 0
OPENSUSE Linux
added 2019/04/02 12:0 a.m. | 94 views

Security update for yast2-rmt (moderate)

openSUSE Security Update: Security update for yast2-rmt. Announcement ID: openSUSE-SU-2019:1089-1; Rating: moderate; References: 1119835 1120672 1123562; Cross-References: CVE-2018-20105; Affected Products: openSUSE Leap 15.0. An update that solves one vulnerability and has two fixes is now available...

5.5 CVSS | 6.2 AI score | 0.00425 EPSS
Exploits 0 | References 3
OSV
added 2019/04/01 3:29 p.m. | 27 views

CVE-2019-3876

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...

6.3 CVSS | 6.1 AI score | 0.00669 EPSS
Exploits 0 | References 3
Prion
added 2019/04/01 3:29 p.m. | 24 views

Cross site request forgery (csrf)

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...

4.3 CVSS | 6.2 AI score | 0.00669 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2019/04/01 2:15 p.m. | 73 views

CVE-2019-3876

CVE-2019-3876 affects OpenShift OpenShift Container Platform 3.11 web-console: OAuth server /oauth/token/request; root cause is missing X-Frame-Options and CSRF protections that enable XSS token generation and, if not prevented, a follow-on XSS via JavaScript could extract tokens. Mitigation is p...

6.3 CVSS | 5.9 AI score | 0.00669 EPSS
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2019/03/27 12:50 a.m. | 35 views

CVE-2019-3876

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...

6.3 CVSS | 0.9 AI score | 0.00669 EPSS
Exploits 0 | References 3
NVD
added 2019/03/21 4:0 p.m. | 17 views

CVE-2018-20162

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...

9.9 CVSS | 9.8 AI score | 0.04161 EPSS
Exploits 3 | References 3
Palo Alto Networks
added 2019/03/20 9:20 p.m. | 169 views

Privilege Escalation in PAN-OS

Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's create_elf_tables function. (Ref PAN-105966, CVE-2018-14634) Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. To successfully exploit this...

3.6 AI score | 0.14806 EPSS
Exploits 6 | References 1 | Affected Software 1
Tenable Nessus
added 2019/03/19 12:0 a.m. | 26 views

Debian DLA-1717-1 : rdflib security update

The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because 'python -m' appends the current directory in the python path. For Debian 8 'Jessie', this problem has been fixed in version 4.1.2-3+deb8u1. We recommend that you upgrade your rdflib...

9.8 CVSS | 8 AI score | 0.02263 EPSS
Exploits 1 | References 3
Debian
added 2019/03/18 7:15 a.m. | 119 views

[SECURITY] [DLA 1717-1] rdflib security update

Package: rdflib; Version: 4.1.2-3+deb8u1; CVE ID: CVE-2019-7653; Debian Bug: 921751. The CLI tools in python-rdflib-tools can load python modules found in the current directory. This happens because "python -m" appends the current directory in the python path. For Debian 8 "Jessie", this problem...

9.8 CVSS | 9.4 AI score | 0.02263 EPSS
Exploits 1
Cvelist
added 2019/03/17 8:15 p.m. | 16 views

CVE-2018-20162

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...

9.9 AI score | 0.04161 EPSS
Exploits 3 | References 3
CVE
added 2019/03/17 8:15 p.m. | 68 views

CVE-2018-20162

CVE-2018-20162 concerns Digi TransPort LR54 (firmware 4.4.0.26 and possibly earlier) where an Improper Input Validation vulnerability in the restricted shell allows a user with super CLI access to bypass the shell restrictions and execute arbitrary commands as root. Connected sources describe the...

9.9 CVSS | 9.8 AI score | 0.04161 EPSS
Exploits 3 | References 3 | Affected Software 1
vulnersOsv
added 2019/03/14 3:40 p.m. | 5 views

ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +3 more potentially affected by CVE-2015-1772 via org.apache.hive:hive-exec (=1.1.0)

org.apache.hive:hive-exec MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - ai.h2o:h2o-orc-parser =3.18.0.9, =0.1.5, =0.1.5, =0.11.0, =0.11.1 Source cves: CVE-2015-1772 Source advisory...

7.3 CVSS | 7.2 AI score | 0.06828 EPSS
Exploits 0
Hacker One
added 2019/03/12 9:14 a.m. | 17 views

Ubiquiti Inc.: EdgeSwitch Command Injection

In EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user...

9 CVSS | 4.4 AI score | 0.0194 EPSS
Exploits 0
Cvelist
added 2019/03/11 10:0 p.m. | 21 views

CVE-2019-1611 Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)

A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI...

4.2 CVSS | 6.6 AI score | 0.00463 EPSS
Exploits 0 | References 2
CVE
added 2019/03/11 10:0 p.m. | 62 views

CVE-2019-1610

Cisco NX-OS Software CLI Command Injection (CVE-2019-1610) affects Nexus 3500 and Nexus 3000 series switches running versions prior to 7.0(3)I7(4). The issue is due to insufficient validation of arguments to certain CLI commands, allowing an authenticated, local attacker with administrator creden...

7.2 CVSS | 5.7 AI score | 0.00463 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2019/03/11 10:0 p.m. | 63 views

CVE-2019-1611

The CVE-2019-1611 issue is a vulnerability in the Cisco NX-OS FXOS CLI where insufficient validation of CLI arguments enables an authenticated, local attacker with valid admin credentials to execute arbitrary commands on the device with elevated privileges. The concern affects multiple Cisco plat...

7.2 CVSS | 5.7 AI score | 0.00463 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2019/03/11 10:0 p.m. | 56 views

CVE-2019-1612

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612) affects Nexus 3000, Nexus 3500, Nexus 3600 platforms and NX-OS Stand releases, with root cause tied to insufficient validation of CLI arguments. An authenticated local attacker with administrator credentials could exploit th...

7.2 CVSS | 5.7 AI score | 0.00471 EPSS
Exploits 0 | References 2 | Affected Software 1