Debian DSA-4837-1 : salt - security update

Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH...

DEBIAN-CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

RHEL 7 : ImageMagick (RHSA-2021:0024)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0024 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes:...

Important: Red Hat Security Advisory: ImageMagick security update

An update for ImageMagick is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

ImageMagick: Shell injection via PDF password could result in arbitrary code execution

A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Scientific Linux Security Update : ImageMagick on SL7.x i686/x86_64 (2021:0024)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:0024-1 advisory. - ImageMagick: Shell injection via PDF password could result in arbitrary code execution CVE-2020-29599 Note that Nessus has not tested for this issue but...

Shell Injection

radare2 is vulnerable to shell injection. An attacker may create a malicious PDB file in PDB server path to cause a shell injection...

DEBIAN-CVE-2020-29599

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via...

UBUNTU-CVE-2020-29599

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via...

CVE-2020-29599

ImageMagick-identified CVE-2020-29599 is a command-injection flaw in the -authenticate handling for password-protected PDFs, exploitable via coders/pdf.c. Affected releases include ImageMagick 6.9.11-40 and 7.x prior to 7.0.10-40; user-supplied passwords could inject shell commands. Public adviso...

PT-2020-6178 · Imagemagick +7 · Imagemagick +7

Name of the Vulnerable Software and Affected Versions: ImageMagick versions 6.9.11-40 and earlier, 7.x versions prior to 7.0.10-40 Description: The issue is related to the -authenticate option in ImageMagick, which is used for setting passwords for password-protected PDF files. The user-controlle...

Shell Injection

Salt is vulnerable to shell injection. An attacker can send malicious web requests to the Salt API to execute arbitrary shell commands when the SSH client is enabled...

CVE-2020-16846

A flaw was found in salt. A shell injection vulnerability was found where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client. An attacker could use this flaw to cause a denial of service, information disclosure, or...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

PYSEC-2020-104

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

UBUNTU-CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

PYSEC-2020-104

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

Design/Logic Flaw

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...