1774 matches found
EUVD-2021-29343
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
CVE-2021-42372
CVE-2021-42372 affects XoruX LPAR2RRD and STOR2RRD prior to version 7.30. The underlying issue is a shell command injection in the HW Events SNMP community, allowing authenticated remote attackers to execute arbitrary shell commands as the service user. Red Hat and other sources confirm the affec...
Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2021-2646)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : sssd (EulerOS-SA-2021-2646)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. Thi...
CVE-2021-31356 Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts
A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an...
Amazon Linux 2 : sssd (ALAS-2021-1715)
The version of sssd installed on the remote host is prior to 1.16.5-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1715 advisory. A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire...
Important: sssd
Issue Overview: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access...
Amazon Linux AMI : sssd (ALAS-2021-1542)
The version of sssd installed on the remote host is prior to 1.16.4-21.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1542 advisory. A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire...
SUSE-RU-2021:3185-1 Recommended update for sssd
This update for sssd fixes the following issues: - Fix a dependency loop by moving internal libraries to sssd-common package. bsc1182058 - Moved sssctl command from sssd to sssd-tools package. bsc1184289 - Create timestamp attribute in cache objects if missing. bsc1182637 - Fix watchdog not...
CVE-2021-41383
CVE-2021-41383 affects NETGEAR R6020 router firmware 1.0.0.48. Vulnerability arises from lack of validation/filtering in setup.cgi ntp_server field, allowing an administrator to inject shell commands and execute arbitrary commands on the device. Exploitation details are not provided in the availa...
MISP 命令注入漏洞
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A command injection vulnerability exists in MISP, which originates in the product...
Debian DLA-2758-1 : sssd - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2758 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. This flaw allows an attacke...
CentOS 8 : sssd (CESA-2021:3151)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:3151 advisory. - sssd: shell command injection in sssctl CVE-2021-3621 Note that Nessus has not tested for this issue but has instead relied only on the application's...
SUSE: Security Advisory (SUSE-SU-2021:2941-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FlatCore CMS 2.0.7 Remote Code Execution
Exploit Title: FlatCore CMS 2.0.7 - Remote Code Execution RCE Authenticated Date: 04/10/2021 Exploit Author: Mason Soroka-Gill @sgizoid Vendor Homepage: https://flatcore.org/ Software Link: https://github.com/flatCore/flatCore-CMS/archive/refs/tags/v2.0.7.tar.gz Version: 2.0.7 Tested on: Ubuntu...
SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2021:2941-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2941-1 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands...
openSUSE: Security Advisory for sssd (openSUSE-SU-2021:2941-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:2941-1 Security update for sssd
This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands bsc1189492. - Add LDAPS support for the AD provider bsc1183735. - Improve logs to record the reason why internal watchdog terminates a process...
Security update for sssd (important)
openSUSE Security Update: Security update for sssd Announcement ID: openSUSE-SU-2021:2941-1 Rating: important References: 1183735 1187120 1189492 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 SUSE: 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3...