14899 matches found
The vulnerability of the configuration management system and the remote execution feature of SaltStack Salt allow a perpetrator to execute arbitrary commands with elevated privileges.
The vulnerability of the Configuration Management system and the remote execution of operations in SaltStack Salt is related to errors in the processing of input data in the ssh-client salt-api. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with elevated...
SUSE: Security Advisory (SUSE-SU-2021:14870-1)
The remote host is missing an update for the...
4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code
The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The bug has almost certainly been exploited in the wild as a zero-day, according to an analys...
SUSE: Security Advisory (SUSE-SU-2021:4153-1)
The remote host is missing an update for the...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell (CVE-2021-44228) Demo...
Updated x11-server packages fix security vulnerabilities
Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length, leading to an out-of-bounds memory write (CVE-2021-4008). The handler for the CreatePointerBarrier request of the XFixes extension...
cloud-init bug fix and enhancement update
An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The cloud-init packages provide a set of init scripts for cloud instances...
ALEA-2021:5239 cloud-init bug fix and enhancement update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: cloud-init.service fails to start after package updat...
cloud-init bug fix and enhancement update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: cloud-init.service fails to start after package updat...
Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets Vulnerability
Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass. Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all...
Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets
Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all multipoint video conferencing systems contains multiple advanced features that are not well documented: 1. The web admin server...
Debian DLA-2848-1 : libssh2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2848 advisory. Two issues have been discovered in libssh2, a client-side C library implementing the SSH2 protocol: CVE-2019-13115:...
Interact with Established SSH Connection
Interacts with a shell on an established SSH connection. Module Options: msf > use payload/generic/ssh/interact; msf payload(interact) > show actions ...actions...; msf payload(interact) > set ACTION; msf payload(interact) > show options ...show and set options...; msf payload(interact) > run. This module requires...
Apache Log4Shell RCE detection via callback correlation (Direct Check SSH)
Binary data apachelog4shellssh.nbin...
CVE-2021-45099
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against...
CVE-2021-45099
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against...
Design/Logic Flaw
DISPUTED: The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure...
CVE-2021-45099
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against...
CVE-2021-45099
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against...
CVE-2021-45099
The vulnerability concerns the Home Assistant Community Add-on: SSH & Web Terminal (addon-ssh) prior to version 10.0.0 via the addon.stdin service. Root cause per sources is an attack surface that relies on social engineering; the vendor disputes this as a vulnerability, and addon.stdin was remov...