906 matches found
SaltStack Salt shell injection vulnerability
SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A shell injection vulnerability exists in the ssh client of the salt-api in...
CentOS: Security Advisory for ImageMagick (CESA-2021:0024)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
Sql injection
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
PYSEC-2021-57
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
PYSEC-2021-362
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
UBUNTU-CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
PYSEC-2021-57
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...
CVE-2021-3197
SaltStack Salt before 3002.5 is vulnerable in the salt-api ssh client to a shell injection via ProxyCommand or via ssh_options provided in API requests. Affected component: salt-api SSH handling; root cause: improper handling of ProxyCommand/ssh_options inputs leading to command injection. Impact...
CVE-2021-3197
Removed by vendor...
CVE-2021-3197
A flaw was found in Salt. The Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Saltstack SaltStack Salt 注入漏洞
SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A shell injection vulnerability exists in the ssh client of the salt-api in...
salt -- multiple vulnerabilities
SaltStack reports multiple security vulnerabilities in Salt CVE-2021-3197: The Salt-API.s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. CVE-2021-25281: The Salt-API does not have eAuth credentials for the...
CVE-2021-26747
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...
CVE-2021-26747
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...
CVE-2020-28494
Summary: CVE-2020-28494 affects the total.js package (before 3.4.7). The vulnerability occurs in the image.pipe and image.stream functions where the type parameter is used to build a command that is executed via child_process.spawn with the option shell: true, and the type value is not properly s...