726 matches found
ALSA-2021:3151 Important: sssd security update
The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...
CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
Advisory ROSA-SA-2021-1919
Software: mgetty 1.1.36 OS: Cobalt 7.9 CVE-ID: CVE-2018-16741 CVE-Crit: HIGH CVE-DESC: A problem was found in mgetty before 1.2.1. In the file fax / faxq-helper.c, the doactivate function does not properly handle shell metacharacters to prevent commands from being injected. You can use the...
PT-2021-7962 · Sssd +10 · Sssd +10
Name of the Vulnerable Software and Affected Versions: SSSD affected versions not specified Description: The issue is related to the sssctl command in the SSSD service, which lacks input sanitization measures. This allows a remote attacker to exploit the vulnerability, potentially gaining access ...
Shell command injection in Apache Syncope
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...
SUSE: Security Advisory (SUSE-SU-2014:1696-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:2729-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:1455-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : pglogical -- shell command injection in pglogical.create_subscription() (45b8716b-c707-11eb-b9a0-6805ca0b3d42)
2ndQuadrant reports : - Fix pgdump/pgrestore execution CVE-2021-3515 Correctly escape the connection string for both pgdump and pgrestore so that exotic database and user names are handled correctly. Reported by Pedro Gallegos %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
pglogical -- shell command injection in pglogical.create_subscription()
2ndQuadrant reports: Fix pgdump/pgrestore execution CVE-2021-3515 Correctly escape the connection string for both pgdump and pgrestore so that exotic database and user names are handled correctly. Reported by Pedro Gallegos...
openSUSE Security Update : cifs-utils (openSUSE-2021-639)
This update for cifs-utils fixes the following security issues : - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. bsc1183239 - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. bsc1174477 This update for cifs-utils fixes the following issu...
SUSE SLES15 Security Update : cifs-utils (SUSE-SU-2021:1455-1)
This update for cifs-utils fixes the following security issues : CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. bsc1183239 CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. bsc1174477 This update for cifs-utils fixes the following issues :...
openSUSE: Security Advisory for cifs-utils (openSUSE-SU-2021:0639-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for cifs-utils (important)
openSUSE Security Update: Security update for cifs-utils Announcement ID: openSUSE-SU-2021:0639-1 Rating: important References: 1152930 1174477 1183239 1184815 Cross-References: CVE-2020-14342 CVE-2021-20208 CVSS scores: CVE-2020-14342 NVD : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H...
OPENSUSE-SU-2021:0639-1 Security update for cifs-utils
This update for cifs-utils fixes the following security issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. bsc1183239 - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. bsc1174477 This update for cifs-utils fixes the following issue...
SUSE-SU-2021:1455-1 Security update for cifs-utils
This update for cifs-utils fixes the following security issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. bsc1183239 - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. bsc1174477 This update for cifs-utils fixes the following issue...
SUSE: Security Advisory (SUSE-SU-2014:1658-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:2728-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VulnCheck KEV: CVE-2018-10823
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip...