CVE-2020-16846

A flaw was found in salt. A shell injection vulnerability was found where an unauthenticated user with network access to the Salt API can use shell injections to run code on the Salt-API using the SSH client. An attacker could use this flaw to cause a denial of service, information disclosure, or...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

PYSEC-2020-104

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

PYSEC-2020-104

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

Design/Logic Flaw

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

UBUNTU-CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2020-16846

CVE-2020-16846 affects SaltStack Salt via the Salt API SSH Client. The issue allows an unauthenticated, network-accessible user to execute arbitrary commands by injecting shell commands through crafted requests to the Salt API when the SSH client is enabled. The vulnerability is cited across mult...

CVE-2020-16846

Removed by vendor...

CVE-2020-16846 — SaltStack Unauthenticated Shell Injection

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. Recent assessments: ccondon-r7 at October 14, 2021 2:31pm UTC reported: Being exploited in the wild as of April 2021. Juniper Networks...

CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVE-2020-15272 Shell-injection in git-tag-annotation GitHub action

In the git-tag-annotation-action open source GitHub Action before version 1.0.1, an attacker can execute arbitrary shell commands if they can control the value of the tag input or manage to alter the value of the GITHUBREF environment variable. The problem has been patched in version 1.0.1. If yo...

EulerOS 2.0 SP9 : cifs-utils (EulerOS-SA-2020-2174)

According to the version of the cifs-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary...

GLSA-202009-16 : LinuxCIFS: Shell injection

The remote host is affected by the vulnerability described in GLSA-202009-16 LinuxCIFS: Shell injection The mount.cifs utility had a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user calling moun...

LinuxCIFS: Shell injection

Background The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems. Description The mount.cifs utility had a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user...

Updated cifs-utils packages fix security vulnerability

The mount.cifs utility has a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user calling mount CVE-2020-14342...

MGASA-2020-0376 Updated cifs-utils packages fix security vulnerability

The mount.cifs utility has a shell injection issue where one can embed shell commands via the username mount option. Those commands will be run via popen in the context of the user calling mount CVE-2020-14342...