35 matches found
PT-2026-44372
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A time-to-check-time-of-use TOCTOU issue in the polkit authentication of qSnapper allows a local attacker to bypass the authentication mechanism. This can enable the attacker to perform operations...
EUVD-2017-11163
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-31607
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion...
CVE-2017-20163
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...
SUSE CVE-2021-31607
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...
CVE-2017-20163
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...
CVE-2017-20163
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...
Sql injection
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...
CVE-2017-20163
Red Snapper NView is affected; the mutate function in src/Session.php is vulnerable to SQL injection via the session parameter. The patch cbd255f55d476b29e5680f66f48c73ddb3d416a8 is recommended as a fix. A temporary workaround from PT-2023-10615 suggests disabling mutate or restricting access to ...
CVE-2017-20163 Red Snapper NView Session.php mutate sql injection
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...
PT-2023-10615 · Unknown · Red Snapper Nview
Name of the Vulnerable Software and Affected Versions: Red Snapper NView affected versions not specified Description: A critical vulnerability has been found in Red Snapper NView. This issue affects the mutate function of the file src/Session.php. The manipulation of the session argument leads to...
Malicious code in website-snapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1735958a488b70e782deb5cfc750dfbe73844ef2f440148bb0808d7bfe2758e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7108 Malicious code in website-snapper (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1735958a488b70e782deb5cfc750dfbe73844ef2f440148bb0808d7bfe2758e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-HCJF-RP5H-G5H3 Command Injection in SaltStack Salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...
Command Injection in SaltStack Salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...
The vulnerability of the snapper module in the configuration management system and remote execution of SaltStack Salt allows a perpetrator to gain increased privileges.
The vulnerability of the snapper module in the Configuration Management system and the remote execution of SaltStack Salt is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow attackers to enhance their privileges through a special...
SaltStack 3000.x < 3001.8 / 3002.x < 3002.7 / 3003.x < 3003.3 Privilege Escalation
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by a command injection vulnerability that may result in privilege escalation. This vulnerability exists in the snapper module and allows for the possibility of local privilege escalati...
openSUSE 15 Security Update : salt (openSUSE-SU-2021:1951-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1951-1 advisory. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation...
Security update for salt (important)
openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:1951-1 Rating: important References: 1185281 1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2021-31607 CVSS scores: CVE-2021-31607 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607...
openSUSE: Security Advisory for salt (openSUSE-SU-2021:0899-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...