[SECURITY] Fedora 36 Update: hcloud-1.29.5-3.fc36
A command-line interface for Hetzner Cloud...
CVE-2022-32156
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI...
Fortinet FortiAP-U Path Traversal Vulnerability
Fortinet FortiAP-U is a controller for managing wireless access point devices from Fortinet, Inc. A path traversal vulnerability exists in the Fortinet FortiAP-U that stems from an input validation error when processing a directory traversal sequence in certain CLI commands. A local attacker coul...
A vulnerability in the CLI component of Fortinet's FortiAP-S/W2 and FortiAP software allows an attacker to overwrite system files.
A vulnerability in the CLI of the firmware for Fortinet's FortiAP-S/W2 and FortiAP devices exists due to insufficient validation of input data in the administration consoles. Exploiting this vulnerability allows a malicious actor to overwrite system files using specially crafted...
A vulnerability in the CLI component of Cisco SD-WAN firmware allows an attacker to escalate privileges.
A vulnerability in the CLI component of Cisco SD-WAN firmware is related to access control deficiencies. Exploiting this vulnerability can allow attackers to escalate their privileges by modifying certain files on the vulnerable device...
A vulnerability in the command-line interface of Cisco Firepower Threat Defense (FTD) software allows an attacker to execute arbitrary code.
A vulnerability in the command-line interface of Cisco Firepower Threat Defense (FTD) software relates to errors in processing XML requests. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted XML data...
A vulnerability in the command-line interface of FortiWeb allows attackers to disclose protected information.
A vulnerability in the command-line interface of FortiWeb is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information using debugging commands...
CVE-2022-26532
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series...
CVE-2022-26531
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG...
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code...
Aruba ClearPass Policy Manager Remote Command Injection Vulnerability (CNVD-2022-55529)
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. A remote command injection vulnerability in the command line interface of Aruba ClearPass Policy Manager versions 6.10.4 and earlier, 6.9.9 and earlier, and...
GHSA-R5M2-G5GC-Q43R Jenkins Denial of Service vulnerability
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake...
GHSA-FVFH-8MJ3-23XJ Jenkins allows for Code Execution via Crafted Packet to the CLI
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel...
GHSA-V759-3FH9-84MX Jenkins directory traversal vulnerability
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...
Jenkins has CRLF Injection Vulnerability in the CLI
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Information Exposure
Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Information Exposure via the sidepanel widgets in the CLI command overview and help pages. An attacker can obtain sensitive information by making a direct request to...
GHSA-4653-RMCH-3G2G Jenkins has Information Disclosure via Sidepanel Widget
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...
CVE-2021-41032
An improper access control vulnerability (CWE-284) in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands...
CVE-2022-20729
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands...
CVE-2022-28571
D-Link 882 DIR882A1FW130B06 was discovered to contain a command injection vulnerability in /usr/bin/cli...