1775 matches found
Jenkins: Temporary file parameter created with insecure permissions
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...
Siemens SCALANCE Missing Encryption of Sensitive Data (CVE-2021-37731)
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address...
Siemens SCALANCE W1750D Command Injection (CVE-2022-37893)
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x...
The vulnerability of the command-line interface of Siemens SCALANCE industrial switches allows a hacker to execute arbitrary commands.
The vulnerability of the command-line interface of Siemens SCALANCE industrial switches exists due to the lack of measures taken to protect the command-line interface. Exploitation of this vulnerability allows a malicious actor to execute arbitrary commands remotely...
[SECURITY] Fedora 37 Update: rubygem-railties-7.0.4.3-1.fc37
Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. Overall, it: handles all the bootstrapping process for a Rails application; manages rails command line interface; provides Rails generators core;...
The vulnerability of the command-line interface of ArubaOS systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the command-line interface of ArubaOS systems is related to deficiencies in the segmentation of the controlled system area. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the command-line interface of ArubaOS allows a hacker to continue the session on a vulnerable device after removing the affected account.
The vulnerability of the command-line interface of ArubaOS systems is related to incorrect session duration settings. Exploiting this vulnerability allows a remote attacker to continue the session on a vulnerable device after deleting the affected account...
The vulnerability of the command-line interface of ArubaOS systems allows a hacker to execute arbitrary commands.
The vulnerability of the command-line interface of ArubaOS systems is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
SUSE SLES15 Security Update : flatpak (SUSE-SU-2023:1714-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1714-1 advisory. - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8,...
Fedora 36 : flatpak (2023-9fbc701e0d)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9fbc701e0d advisory. Update to 1.12.8. Fix CVE-2023-28100 and CVE-2023-28101. Tenable has extracted the preceding description block directly from the Fedora security...
[SECURITY] Fedora 38 Update: rubygem-railties-7.0.4.3-1.fc38
Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. Overall, it: handles all the bootstrapping process for a Rails application; manages rails command line interface; provides Rails generators core;...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary: A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details: CVEID: CVE-2022-42252. DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...
CVE-2023-20056
A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could...
How to disable/enable a service (LB, GSLB, etc.) using the NetScaler's CLI
How to disable/enable a service (LB, GSLB, etc.) using CLI...
The vulnerability of the FortiOS operating systems arises from incorrect restrictions on path names to restricted directories, allowing attackers to read and write arbitrary files.
The vulnerability of the FortiOS operating systems is related to incorrect restrictions on path names to restricted directories. Exploiting this vulnerability allows an attacker to read and write arbitrary files by executing commands in the command line interface...
The vulnerability of the command-line interface of ArubaOS systems allows a hacker to execute arbitrary commands.
The vulnerability of the command-line interface of ArubaOS systems is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the command-line interface of SiPass IP access integrated controllers allows a hacker to execute arbitrary code.
The vulnerability of the command-line interface of SiPass IP access integrated controllers is related to errors in processing input data. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the root user...
CVE-2023-0978
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to...
SUSE CVE-2023-26302
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...