Lucene search

35 matches found

Positive Technologies
added 2026/05/28 12:0 a.m. | 24 views

PT-2026-44372

Name of the Vulnerable Software and Affected Versions: qSnapper versions prior to 1.3.3. Description: A time-of-check to time-of-use (TOCTOU) issue in the polkit authentication of qSnapper allows a local attacker to bypass the authentication mechanism. This can enable the attacker to perform operations...

CVSS 8.1 | AI score 5.9 | EPSS 0.00136
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2017-11163

Malware in sbrugna...

CVSS 9.8 | AI score 6 | EPSS 0.00613
Exploits: 0 | References: 4
Tenable Nessus
added 2025/09/03 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-31607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion...

CVSS 7.8 | AI score 7 | EPSS 0.03808
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 1:56 a.m. | 6 views

CVE-2017-20163

A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...

CVSS 9.8 | AI score 7.7 | EPSS 0.00613
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 3:41 a.m. | 2 views

SUSE CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

CVSS 7 | AI score 9.6 | EPSS 0.03808
Exploits: 1 | References: 29
NVD
added 2023/01/05 8:15 p.m. | 20 views

CVE-2017-20163

A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...

CVSS 9.8 | AI score 7.1 | EPSS 0.00613
Exploits: 0 | References: 3
OSV
added 2023/01/05 8:15 p.m. | 27 views

CVE-2017-20163

A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...

CVSS 9.8 | AI score 7.7
Exploits: 0 | References: 3
Prion
added 2023/01/05 8:15 p.m. | 11 views

Sql injection

A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...

CVSS 7.5 | AI score 9.8 | EPSS 0.00613
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2023/01/05 7:18 p.m. | 41 views

CVE-2017-20163

Red Snapper NView is affected; the mutate function in src/Session.php is vulnerable to SQL injection via the session parameter. The patch cbd255f55d476b29e5680f66f48c73ddb3d416a8 is recommended as a fix. A temporary workaround from PT-2023-10615 suggests disabling mutate or restricting access to ...

CVSS 9.8 | AI score 8 | EPSS 0.00613
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2023/01/05 7:18 p.m. | 20 views

CVE-2017-20163 Red Snapper NView Session.php mutate sql injection

A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability affects the function mutate of the file src/Session.php. The manipulation of the argument session leads to sql injection. The name of the patch is cbd255f55d476b29e5680f66f48c73ddb3d416a8. It is...

CVSS 5.5 | AI score 10 | EPSS 0.00613
Exploits: 0 | References: 3
Positive Technologies
added 2023/01/05 12:0 a.m. | 4 views

PT-2023-10615 · Unknown · Red Snapper Nview

Name of the Vulnerable Software and Affected Versions: Red Snapper NView (affected versions not specified). Description: A critical vulnerability has been found in Red Snapper NView. This issue affects the mutate function of the file src/Session.php. The manipulation of the session argument leads to...

CVSS 9.8 | AI score 6.6 | EPSS 0.00613
Exploits: 0 | References: 7
OSSF Malicious Packages
added 2022/08/18 6:7 a.m. | 4 views

Malicious code in website-snapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1735958a488b70e782deb5cfc750dfbe73844ef2f440148bb0808d7bfe2758e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2022/08/18 6:7 a.m. | 9 views

MAL-2022-7108 Malicious code in website-snapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1735958a488b70e782deb5cfc750dfbe73844ef2f440148bb0808d7bfe2758e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSV
added 2022/05/24 5:48 p.m. | 34 views

GHSA-HCJF-RP5H-G5H3 Command Injection in SaltStack Salt

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

CVSS 7.8 | AI score 7.9 | EPSS 0.03808
Exploits: 1 | References: 14
Github Security Blog
added 2022/05/24 5:48 p.m. | 37 views

Command Injection in SaltStack Salt

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

CVSS 7.8 | AI score 4.6 | EPSS 0.03808
Exploits: 1 | References: 15 | Affected Software: 1
BDU FSTEC
added 2022/02/07 12:0 a.m. | 6 views

A vulnerability in the snapper module of the SaltStack Salt configuration management and remote execution system allows an attacker to gain elevated privileges.

The vulnerability in the snapper module of the SaltStack Salt configuration management and remote execution system is caused by a failure to sanitize data at the management level. Exploiting this vulnerability can allow attackers to elevate their privileges through a special...

CVSS 7.8 | AI score 7.7 | EPSS 0.03808
Exploits: 1 | References: 13 | Affected Software: 6
Tenable Nessus
added 2021/11/03 12:0 a.m. | 42 views

SaltStack 3000.x < 3001.8 / 3002.x < 3002.7 / 3003.x < 3003.3 Privilege Escalation

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by a command injection vulnerability that may result in privilege escalation. This vulnerability exists in the snapper module and allows for the possibility of local privilege escalati...

CVSS 7.8 | AI score 8.1 | EPSS 0.03808
Exploits: 1 | References: 2
Tenable Nessus
added 2021/07/16 12:0 a.m. | 45 views

openSUSE 15 Security Update : salt (openSUSE-SU-2021:1951-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1951-1 advisory. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation...

CVSS 7.8 | AI score 8.1 | EPSS 0.03808
Exploits: 1 | References: 5
OPENSUSE Linux
added 2021/07/11 12:0 a.m. | 28 views

Security update for salt (important)

openSUSE Security Update: Security update for salt
Announcement ID: openSUSE-SU-2021:1951-1
Rating: important
References: 1185281 1186674 ECO-3212 SLE-18028 SLE-18033
Cross-References: CVE-2021-31607
CVSS scores: CVE-2021-31607 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607...

CVSS 7 | AI score 9.1 | EPSS 0.03808
Exploits: 1 | References: 5
OpenVAS
added 2021/06/24 12:0 a.m. | 29 views

openSUSE: Security Advisory for salt (openSUSE-SU-2021:0899-1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.8 | AI score 8.4 | EPSS 0.96405
Exploits: 29 | References: 4