6 matches found

Tenable Nessus
added 2025/09/03 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-31607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion...

CVSS 7.8 · AI score 7 · EPSS 0.03808
Exploits 1 · References 2
Vulnrichment
added 2025/08/08 6:14 p.m. · 5 views

CVE-2012-10048 Zenoss 3.x showDaemonXMLConfig Command Execution

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user...

CVSS 8.7 · AI score 7.9 · EPSS 0.02665
Exploits 0 · References 6
PyPA
added 2021/04/23 6:15 a.m. · 4 views

PYSEC-2021-56

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

CVSS 7.8 · AI score 7.6 · EPSS 0.03808
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2021/04/02 12:0 a.m. · 5 views

PT-2021-6057 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions 2016.9 through 3002.6
Description: The issue is related to a command injection vulnerability in the snapper module of SaltStack Salt, which can be exploited to achieve local privilege escalation on a minion. This can...

CVSS 9.8 · AI score 8.1 · EPSS 0.99585
Exploits 39 · References 216
OSV
added 2021/03/11 5:15 p.m. · 3 views

CVE-2021-28144

prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely...

CVSS 8.8 · AI score 7.5 · EPSS 0.06009
Exploits 4 · References 4
OSV
added 2017/10/10 11:29 p.m. · 1 view

CVE-2017-15226

Zyxel NBG6716 V1.00AAKG.9C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1