Search CVE reports
31 – 40 of 59 results
CVE-2019-18897
Medium priorityA UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to...
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | — | Not in release | Not affected | Not affected |
CVE-2019-17361
Medium prioritySome fixes available 2 of 5
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on...
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | Not in release | Not affected | Not in release | Fixed | Fixed |
CVE-2013-2228
Medium prioritySaltStack RSA Key Generation allows remote users to decrypt communications
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | — | — | — | — |
CVE-2019-1010259
Medium prioritySaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from...
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | Not in release | Not affected | Not in release | Needs evaluation | Needs evaluation |
CVE-2018-15751
Medium prioritySome fixes available 4 of 7
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | Not affected | Not in release | Fixed | Fixed |
CVE-2018-15750
Medium prioritySome fixes available 4 of 7
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | Not affected | Not in release | Fixed | Fixed |
CVE-2017-7893
Medium priorityIn SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | Not in release | Not affected | Not in release | Not affected | Vulnerable |
CVE-2017-14696
Medium prioritySome fixes available 2 of 4
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | Not affected | Not in release | Not affected | Fixed |
CVE-2017-14695
Medium prioritySome fixes available 2 of 4
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via...
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | Not affected | Not in release | Not affected | Fixed |
CVE-2015-6918
Medium prioritySome fixes available 1 of 6
salt before 2015.5.5 leaks git usernames and passwords to the log.
1 affected package
salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
salt | — | — | — | Not affected | Not affected |