Filtered by vendor Saltstack
Subscriptions
Total
55 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7893 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. | ||||
| CVE-2017-5200 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | ||||
| CVE-2017-5192 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | ||||
| CVE-2017-14696 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | ||||
| CVE-2017-14695 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. | ||||
| CVE-2017-12791 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | ||||
| CVE-2016-9639 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | ||||
| CVE-2016-3176 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | ||||
| CVE-2015-8034 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-6941 | 1 Saltstack | 1 Salt 2015 | 2024-11-21 | N/A |
| win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. | ||||
| CVE-2015-6918 | 1 Saltstack | 1 Salt 2015 | 2024-11-21 | N/A |
| salt before 2015.5.5 leaks git usernames and passwords to the log. | ||||
| CVE-2015-4017 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | ||||
| CVE-2015-1839 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2024-11-21 | N/A |
| modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | ||||
| CVE-2015-1838 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2024-11-21 | N/A |
| modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | ||||
| CVE-2013-2228 | 1 Saltstack | 1 Saltstack | 2024-11-21 | 8.1 High |
| SaltStack RSA Key Generation allows remote users to decrypt communications | ||||