8 matches found
Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
EUVD-2024-1168
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-3197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, ...
Azure Linux 3.0 Security Update: rust (CVE-2024-32884)
The version of rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32884 advisory. - gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for tex...
AZL-40229 CVE-2024-32884 affecting package rust for versions less than 1.75.0-9
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884 gix-transport indirect code execution via malicious username
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884 gix-transport indirect code execution via malicious username
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
PYSEC-2021-57
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...