1775 matches found
The vulnerability of the SSH client of the Cisco IOS XR operating system allows a hacker to elevate their privileges to the root level.
The vulnerability of the SSH client of the Cisco IOS XR operating system is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level by injecting a specially crafted SSH command into the command line...
Fedora: Security Advisory for jgit (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: octave-8.4.0-6.fc40
GNU Octave is a high-level language, primarily intended for numerical computations. It provides a convenient command line interface for solving linear and nonlinear problems numerically, and for performing other numerical experiments using a language that is mostly compatible with Matlab. It may...
[SECURITY] Fedora 40 Update: java-jd-decompiler-1.1.3-8.fc40
This is a launcher for using java-jd-decompiler-core library from CLI...
BIT-WP-CLI-2021-29504 Improper Certificate Validation in WP-CLI framework
WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the...
CVE-2024-25611
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
Aruba Networks ArubaOS Security Vulnerabilities
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated command injection vulnerability...
Aruba Networks ArubaOS Security Vulnerabilities
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that stems from an arbitrary file deletion vulnerability in the CLI use...
PT-2024-2221 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS (affected versions not specified). Description: The issue is related to the command line interface of ArubaOS, where a lack of proper sanitization of special elements used in operating system commands can be exploited. This allows a remo...
The vulnerability of the command-line interface of the Cisco Identity Services Engine (ISE) management platform allows a hacker to increase their privileges.
The vulnerability of the command-line interface of the Cisco Identity Services Engine (ISE) management platform relates to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the command-line interface of the Cisco Identity Services Engine (ISE) management platform allows a hacker to elevate their privileges to the root level.
The vulnerability of the command-line interface of the Cisco Identity Services Engine (ISE) management platform is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
CISA and OpenSSF Release Framework for Package Repository Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories. Called the Principles for Package Repository...
jenkins: cross-site WebSocket hijacking
A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint...
jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE
A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file’s contents (expandAtFiles)...
Zyxel zysh - Format string
!/usr/bin/expect -f raptorzyshfhtagn.exp - zysh format string PoC exploit Copyright c 2022 Marco Ivaldi "We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far." -- H. P. Lovecraft, The Call of Cthulhu "Multiple improper inpu...
The vulnerability in the built-in command-line interface (CLI) of the Jenkins automation server allows an attacker to execute a CSWSH attack.
The vulnerability in the built-in command-line interface (CLI) of the Jenkins automation server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a CSWSH attack remotely...
The vulnerability of the args4j library in the Jenkins automation server’s command-line interface (CLI) allows a hacker to execute arbitrary code.
The vulnerability of the args4j library, a built-in command-line interface (CLI) for Jenkins automation servers, is related to insufficient protection of service data. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code...