DEBIAN-CVE-2024-34062
tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments e.g. --delim, --buf-size, --manpath are passed through python's eval, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All user...
CVE-2023-34284
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2024-29965
CVE-2024-29965 affects Brocade SANnav versions prior to 2.3.1 and 2.3.0a. The issue allows backups created via the web UI or SSH to be world-readable, enabling a local attacker to recover backup files, restore them on a malicious appliance, and obtain the passwords for all switches. Documents con...
The vulnerability of the command-line interface of the Cisco Integrated Management Controller, a remote administration tool, allows a malicious actor to execute arbitrary commands on the underlying operating system and elevate their privileges to root-level.
The vulnerability of the command-line interface of the Cisco Integrated Management Controller remote administration software exists due to the lack of measures taken to neutralize the special commands used in the operating system’s command line. Exploiting this vulnerability allows an attacker to...
OESA-2024-1424 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...
OESA-2024-1425 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions...
CVE-2023-47541
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...
CVE-2023-47540
An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows attacker ...
CVE-2023-48784
A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...
PT-2024-3562 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.4.1 and below; FortiOS versions 7.2.7 and below; FortiOS versions 7.0.14 and below; FortiOS versions 6.4.15 and below. Description: A use of externally-controlled format string vulnerability in FortiOS command line interface ma...
Fortinet FortiSandbox OS Command Injection Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from an operating system command injection...
PT-2024-3549 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 2.0.0 through 2.0.3; FortiSandbox versions 2.1.0 through 2.1.3; FortiSandbox versions 2.2.0 through 2.2.2; FortiSandbox versions 2.3.0 through 2.3.3; FortiSandbox versions 2.4.0 through 2.4.1; FortiSandbox versions 2.5.0...
Fortinet FortiSandbox Path Traversal Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A path traversal vulnerability exists in Fortinet FortiSandbox, which stems fr...
The vulnerability of the command-line interface (CLI) of Cisco IOS XE wireless access controller devices allows attackers to increase their privileges.
The vulnerability of the command-line interface (CLI) of Cisco IOS XE wireless LAN controller systems is related to deficiencies in access control due to the use of the show and show tech wireless commands in WLAN configuration. Exploiting this vulnerability can allow an attacker to increase their...
CVE-2023-51148
An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component...
TRENDnet TEW-821DAP Security Vulnerability
The TRENDnet TEW-821DAP is a wireless access point from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-821DAP version v.3.00b06. An attacker can exploit this vulnerability to execute arbitrary code via the mycli command line interface component...
The vulnerability of the command-line interface of ArubaOS systems arises from the lack of measures taken to eliminate special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of the command-line interface of ArubaOS exists because measures to neutralize the special elements used in the operating system’s command are not taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PYSEC-2024-263
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...