7991 matches found

0day.today
added 2019/02/18 12:0 a.m., 73 views

Digi TransPort LR54 Restricted Shell Escape Vulnerability

Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell. CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape. The Digi TransPort LR54 is a high speed LTE router commonly used by industry,...

9.9 CVSS, 0.3 AI score, 0.04161 EPSS
Exploits: 3

Prion
added 2019/02/13 4:29 p.m., 16 views

Design/Logic Flaw

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

2.1 CVSS, 7.5 AI score, 0.00357 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2019/02/13 4:29 p.m., 32 views

CVE-2019-3782

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

7.8 CVSS, 6.5 AI score, 0.00357 EPSS
Exploits: 0, References: 2

OSV
added 2019/02/13 4:29 p.m., 29 views

CVE-2019-3782

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

7.8 CVSS, 6.7 AI score, 0.00357 EPSS
Exploits: 0, References: 2

CVE
added 2019/02/13 4:0 p.m., 40 views

CVE-2019-3782

The CVE-2019-3782 issue affects Cloud Foundry CredHub CLI prior to version 2.2.1. The vulnerability arises when credentials supplied via environment variables are written to the CLI’s persistent config file, potentially exposing them to a local authenticated attacker who has access to the CredHub...

7.8 CVSS, 6.7 AI score, 0.00357 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/02/13 4:0 p.m., 32 views

CVE-2019-3782 CredHub CLI writes environment variable credentials to disk

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

6.3 CVSS, 7.6 AI score, 0.00357 EPSS
Exploits: 0, References: 2

Prion
added 2019/02/12 7:29 p.m., 33 views

Default credentials

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. ...

5.6 CVSS, 6.9 AI score, 0.0029 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cloud Foundry
added 2019/02/11 12:0 a.m., 72 views

CVE-2019-3782: CredHub CLI writes environment variable credentials to disk | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: CredHub CLI, all versions prior to 2.2.1. Description: Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent...

7.8 CVSS, 6.8 AI score, 0.00357 EPSS
Exploits: 0

UbuntuCve
added 2019/02/09 3:29 a.m., 22 views

CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...

9.8 CVSS, 7.2 AI score, 0.02263 EPSS
Exploits: 1, References: 3

Prion
added 2019/02/09 3:29 a.m., 14 views

Code injection

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...

7.5 CVSS, 9.2 AI score, 0.02263 EPSS
Exploits: 1, References: 4, Affected Software: 3

NVD
added 2019/02/09 3:29 a.m., 19 views

CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...

9.8 CVSS, 9.4 AI score, 0.02263 EPSS
Exploits: 1, References: 4

Cvelist
added 2019/02/09 3:0 a.m., 24 views

CVE-2019-7653

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts...

9.3 AI score, 0.02263 EPSS
Exploits: 1, References: 4

CVE
added 2019/02/04 10:0 p.m., 35 views

CVE-2018-15778

CVE-2018-15778 affects Dell OS10 OS switch software; a lack of proper input validation in the CLI on Dell OS10 versions prior to 10.4.2.1 enables a command injection vulnerability. According to CNVD-2019-24558, an attacker could exploit this flaw to execute commands directly on the OS (local acce...

8.8 CVSS, 7.8 AI score, 0.00373 EPSS
Exploits: 0, References: 1, Affected Software: 1

Fedora
added 2019/01/31 2:12 a.m., 41 views

[SECURITY] Fedora 28 Update: wireshark-2.6.6-1.fc28

Metapackage which installs wireshark-cli and wireshark-qt...

7.8 CVSS, 2.1 AI score, 0.17697 EPSS
Exploits: 13

Kitploit
added 2019/01/28 12:45 p.m., 182 views

Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner: The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...

7.6 AI score
Exploits: 0, References: 6

ossfuzz
added 2019/01/26 7:27 p.m., 13 views

openthread/cli-uart-received-fuzzer: Index-out-of-bounds in ot::RouterTable::IsAllocated

Project: https://github.com/openthread/openthread.git
Detailed report: https://oss-fuzz.com/testcase?key=5744891089387520
Project: openthread
Fuzzer: libFuzzeropenthreadcli-uart-received-fuzzer
Fuzz target binary: cli-uart-received-fuzzer
Job Type: libfuzzerubsanopenthread
Platform Id: linux
Cras...

6.8 AI score
Exploits: 0, Affected Software: 1

Prion
added 2019/01/24 9:29 p.m., 17 views

Command injection

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges...

9 CVSS, 7.5 AI score, 0.02743 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2019/01/24 9:29 p.m., 26 views

CVE-2018-12237

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges...

9 CVSS, 7.5 AI score, 0.02743 EPSS
Exploits: 0, References: 2

CVE
added 2019/01/24 9:0 p.m., 62 views

CVE-2018-12237

CVE-2018-12237 affects the Symantec Reporter CLI (Reporter CLI) by an OS command injection vulnerability. Affected: Reporter CLI versions 10.1 before 10.1.5.6 and 10.2 before 10.2.1.8. Root cause: command injection via the CLI that can be exploited by an authenticated administrator with Enable mo...

9 CVSS, 7.4 AI score, 0.02743 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2019/01/24 9:0 p.m., 26 views

CVE-2018-12237

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges...

7.5 AI score, 0.02743 EPSS
Exploits: 0, References: 2