23 matches found
EUVD-2024-47903
Malicious code in bioql PyPI...
EUVD-2024-2350
Malicious code in bioql PyPI...
EUVD-2023-0909
Malicious code in bioql PyPI...
CVE-2024-6833
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6916
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
CVE-2024-6916
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
CVE-2024-6916
CVE-2024-6916 affects the Zowe CLI, where a local, privileged actor can display securely stored properties in cleartext in a terminal by using the --show-inputs-only flag. The vulnerability is introduced in the CLI’s handling of inputs and exposes secrets that should remain confidential. Reported...
Credentials Exposure
Zowe CLI is vulnerable to a credentials exposure. The vulnerability is due to insecure storage of credentials in the Zowe CLI's auto-init operation, allowing attackers to access and potentially misuse sensitive information stored in a plaintext file...
GHSA-GHGQ-X6WC-6JR5 Zowe CLI allows storage of previously entered secure credentials in a plaintext file
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
@ibm/rse-api-for-zowe-cli (>=3.2.2 <=4.1.0), @zowe/zowe-explorer-api (>=2.13.0 <=2.15.0) potentially affected by CVE-2024-6833 via @zowe/cli (>=7.18.0 <=7.23.3)
@zowe/cli NPM version =7.18.0, =3.2.2, =2.13.0, =2.15.0 Source cves: CVE-2024-6833 Source advisory: OSV:GHSA-GHGQ-X6WC-6JR5...
CVE-2024-6833
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6833
CVE-2024-6833 affects Zowe CLI. A local, privileged attacker can exploit an auto-init operation to cause credentials entered by a user to be written to a plaintext file, exposing sensitive information. The vulnerability is described as a credentials exposure via insecure storage in the auto-init ...
PT-2024-37892 · Zowe Cli · Zowe Cli
Name of the Vulnerable Software and Affected Versions: Zowe CLI affected versions not specified Description: A local, privileged actor can store previously entered secure credentials in a plaintext file as part of an auto-init operation. Recommendations: At the moment, there is no information abo...
GHSA-6Q8M-42QQ-64R7 Imperative CLI vulnerable to Command Injection
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
@broadcom/mat-analyze-for-zowe-cli (=2.0.1), @broadcom/test4z (=2.0.0) +4 more potentially affected by CVE-2021-4326 via @zowe/imperative (>=5.0.0 <=5.7.0)
@zowe/imperative NPM version =5.0.0, =1.0.0, =2.0.2, =7.0.0, =2.0.0, =3.0.0-next.202311171754 Source cves: CVE-2021-4326 Source advisory: OSV:GHSA-6Q8M-42QQ-64R7...
@ibm/rse-api-for-zowe-cli (=2.0.0), @zowe/cli (>=6.25.0 <=6.39.0) +1 more potentially affected by CVE-2021-4326 via @zowe/imperative (>=4.10.0 <=4.18.1)
@zowe/imperative NPM version =4.10.0, =6.25.0, =1.18.1, =1.22.0 Source cves: CVE-2021-4326 Source advisory: OSV:GHSA-6Q8M-42QQ-64R7...
Imperative CLI vulnerable to Command Injection
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2021-4326
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
Design/Logic Flaw
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...