
CVE-2021-43837 – Template injection in vault-cli
https://notcve.org/view.php?id=CVE-2021-43837
16 Dec 2021 — vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. • https://github.com/peopledoc/vault-cli/commit/3ba3955887fd6b7d4d646c8b260f21cebf5db852 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2020-7633
https://notcve.org/view.php?id=CVE-2020-7633
06 Apr 2020 — apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. • https://openbase.io/js/apiconnect-cli-plugins • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2017-16155
https://notcve.org/view.php?id=CVE-2017-16155
07 Jun 2018 — fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. • https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/fast-http-cli • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-10657
https://notcve.org/view.php?id=CVE-2016-10657
04 Jun 2018 — co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. • https://nodesecurity.io/advisories/268 • CWE-310: Cryptographic Issues • CWE-311: Missing Encryption of Sensitive Data

CVE-2016-10597
https://notcve.org/view.php?id=CVE-2016-10597
01 Jun 2018 — cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. • https://nodesecurity.io/advisories/197 • CWE-311: Missing Encryption of Sensitive Data

CVE-2016-10538
https://notcve.org/view.php?id=CVE-2016-10538
31 May 2018 — The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2014-4997
https://notcve.org/view.php?id=CVE-2014-4997
10 Jan 2018 — lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. • http://www.openwall.com/lists/oss-security/2014/07/07/16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor