906 matches found
CVE-2020-16846
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...
CVE-2020-16846
CVE-2020-16846 affects SaltStack Salt via the Salt API SSH Client. The issue allows an unauthenticated, network-accessible user to execute arbitrary commands by injecting shell commands through crafted requests to the Salt API when the SSH client is enabled. The vulnerability is cited across mult...
CVE-2020-16846
Removed by vendor...
CVE-2020-16846
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...
CVE-2020-16846 — SaltStack Unauthenticated Shell Injection
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. Recent assessments: ccondon-r7 at October 14, 2021 2:31pm UTC reported: Being exploited in the wild as of April 2021. Juniper Networks...
CVE-2020-16846
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...
CVE-2020-15272 Shell-injection in git-tag-annotation GitHub action
In the git-tag-annotation-action open source GitHub Action before version 1.0.1, an attacker can execute arbitrary shell commands if they can control the value of the tag input or manage to alter the value of the GITHUBREF environment variable. The problem has been patched in version 1.0.1. If yo...
EulerOS 2.0 SP9 : cifs-utils (EulerOS-SA-2020-2174)
According to the version of the cifs-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary...
GLSA-202009-16 : LinuxCIFS: Shell injection
The remote host is affected by the vulnerability described in GLSA-202009-16 LinuxCIFS: Shell injection The mount.cifs utility had a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user calling moun...
LinuxCIFS: Shell injection
Background The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems. Description The mount.cifs utility had a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user...
Updated cifs-utils packages fix security vulnerability
The mount.cifs utility has a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user calling mount CVE-2020-14342...
MGASA-2020-0376 Updated cifs-utils packages fix security vulnerability
The mount.cifs utility has a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user calling mount CVE-2020-14342...
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
...
AZL-6353 CVE-2020-14342 affecting package cifs-utils for versions less than 6.8-6
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges...
Design/Logic Flaw
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges...
CVE-2020-14342
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges...
CVE-2020-24354
Zyxel VMG5313-B30B router on firmware 5.13ABCJ.6b31127, and possibly older versions of firmware are affected by shell injection...
CVE-2020-24354
Zyxel VMG5313-B30B router on firmware 5.13ABCJ.6b31127, and possibly older versions of firmware are affected by shell injection...
Design/Logic Flaw
Zyxel VMG5313-B30B router on firmware 5.13ABCJ.6b31127, and possibly older versions of firmware are affected by shell injection...
CVE-2020-24354
Zyxel VMG5313-B30B router on firmware 5.13ABCJ.6b31127, and possibly older versions of firmware are affected by shell injection...