Search CVE reports



31 – 40 of 59 results


CVE-2019-18897

Medium priority
Ignored

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to...

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not affected

CVE-2019-17361

Medium priority

Some fixes available 2 of 5

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on...

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Fixed Fixed

CVE-2013-2228

Medium priority
Ignored

SaltStack RSA Key Generation allows remote users to decrypt communications

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt

CVE-2019-1010259

Medium priority
Needs evaluation

SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from...

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Needs evaluation Needs evaluation

CVE-2018-15751

Medium priority

Some fixes available 4 of 7

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not in release Fixed Fixed

CVE-2018-15750

Medium priority

Some fixes available 4 of 7

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not in release Fixed Fixed

CVE-2017-7893

Medium priority
Vulnerable

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Not affected Vulnerable

CVE-2017-14696

Medium priority

Some fixes available 2 of 4

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not in release Not affected Fixed

CVE-2017-14695

Medium priority

Some fixes available 2 of 4

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via...

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not in release Not affected Fixed

CVE-2015-6918

Medium priority

Some fixes available 1 of 6

salt before 2015.5.5 leaks git usernames and passwords to the log.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not affected