934 matches found

AlpineLinux
added 2021/02/27 12:00 a.m. · 41 views

CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

9.8 CVSS · 9.6 AI score · 0.72327 EPSS
Exploits 0

Debian CVE
added 2021/02/27 12:00 a.m. · 24 views

CVE-2021-3197

Removed by vendor...

9.8 CVSS · 9.2 AI score · 0.72327 EPSS
Exploits 0

RedhatCVE
added 2021/02/26 6:33 p.m. · 28 views

CVE-2021-3197

A flaw was found in Salt. The Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8 CVSS · 3 AI score · 0.72327 EPSS
Exploits 0 · References 3

CNNVD
added 2021/02/26 12:00 a.m. · 5 views

Saltstack SaltStack Salt injection vulnerability

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A shell injection vulnerability exists in the ssh client of the salt-api in...

9.8 CVSS · 7.3 AI score · 0.72327 EPSS
Exploits 0 · References 22

FreeBSD
added 2021/02/25 12:00 a.m. · 44 views

salt -- multiple vulnerabilities

SaltStack reports multiple security vulnerabilities in Salt. CVE-2021-3197: The Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request. CVE-2021-25281: The Salt-API does not have eAuth credentials for the...

9.8 CVSS · 3.4 AI score · 0.92312 EPSS
Exploits 8 · References 1

OSV
added 2021/02/18 9:15 p.m. · 2 views

CVE-2021-26747

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

9.8 CVSS · 7.6 AI score · 0.53598 EPSS
Exploits 1 · References 2

NVD
added 2021/02/18 9:15 p.m. · 11 views

CVE-2021-26747

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

10 CVSS · 0.53598 EPSS
Exploits 1 · References 2

CVE
added 2021/02/02 10:25 a.m. · 110 views

CVE-2020-28494

Summary: CVE-2020-28494 affects the total.js package (before 3.4.7). The vulnerability occurs in the image.pipe and image.stream functions where the type parameter is used to build a command that is executed via child_process.spawn with the option shell: true, and the type value is not properly s...

8.6 CVSS · 8.6 AI score · 0.01702 EPSS
Exploits 1 · References 2 · Affected Software 1

Tenable Nessus
added 2021/01/25 12:00 a.m. · 33 views

Debian DSA-4837-1 : salt - security update

Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH...

9.8 CVSS · 7.4 AI score · 0.99585 EPSS
Exploits 5 · References 6

OSV
added 2021/01/12 3:15 p.m. · 1 view

DEBIAN-CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

7.8 CVSS · 8.3 AI score · 0.00675 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2021/01/06 12:00 a.m. · 36 views

RHEL 7 : ImageMagick (RHSA-2021:0024)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0024 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes:...

7.8 CVSS · 8 AI score · 0.0703 EPSS
Exploits 1 · References 4

RedHat Linux
added 2021/01/05 3:13 p.m. · 87 views

Important: Red Hat Security Advisory: ImageMagick security update

An update for ImageMagick is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.8 CVSS · 7.3 AI score · 0.0703 EPSS
Exploits 1 · References 2

RedHat Linux
added 2021/01/05 3:13 p.m. · 3 views

ImageMagick: Shell injection via PDF password could result in arbitrary code execution

A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.8 CVSS · 6.6 AI score · 0.0703 EPSS
Exploits 1 · References 6

Tenable Nessus
added 2021/01/05 12:00 a.m. · 35 views

Scientific Linux Security Update : ImageMagick on SL7.x i686/x86_64 (2021:0024)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:0024-1 advisory. - ImageMagick: Shell injection via PDF password could result in arbitrary code execution CVE-2020-29599 Note that Nessus has not tested for this issue but...

7.8 CVSS · 8.1 AI score · 0.0703 EPSS
Exploits 1 · References 2

Veracode
added 2020/12/10 4:12 p.m. · 16 views

Shell Injection

radare2 is vulnerable to shell injection. An attacker may create a malicious PDB file in PDB server path to cause a shell injection...

9.6 CVSS · 2.1 AI score · 0.01558 EPSS
Exploits 0 · References 9 · Affected Software 1

OSV
added 2020/12/07 8:15 p.m. · 1 view

DEBIAN-CVE-2020-29599

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via...

7.8 CVSS · 7.2 AI score · 0.0703 EPSS
Exploits 1 · References 1

OSV
added 2020/12/07 8:15 p.m. · 0 views

UBUNTU-CVE-2020-29599

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via...

7.8 CVSS · 7 AI score · 0.0703 EPSS
Exploits 1 · References 5

CVE
added 2020/12/07 12:00 a.m. · 316 views

CVE-2020-29599

ImageMagick-identified CVE-2020-29599 is a command-injection flaw in the -authenticate handling for password-protected PDFs, exploitable via coders/pdf.c. Affected releases include ImageMagick 6.9.11-40 and 7.x prior to 7.0.10-40; user-supplied passwords could inject shell commands. Public adviso...

7.8 CVSS · 7.6 AI score · 0.0703 EPSS
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2020/11/21 12:00 a.m. · 8 views

PT-2020-6178 · Imagemagick +7 · Imagemagick +7

Name of the Vulnerable Software and Affected Versions: ImageMagick versions 6.9.11-40 and earlier, 7.x versions prior to 7.0.10-40 Description: The issue is related to the -authenticate option in ImageMagick, which is used for setting passwords for password-protected PDF files. The user-controlle...

7.8 CVSS · 6.8 AI score · 0.89855 EPSS
Exploits 66 · References 347

Veracode
added 2020/11/10 5:27 a.m. · 26 views

Shell Injection

Salt is vulnerable to shell injection. An attacker can send malicious web requests to the Salt API to execute arbitrary shell commands when the SSH client is enabled...

9.8 CVSS · 3.4 AI score · 0.99585 EPSS
Exploits 5 · References 17 · Affected Software 1