Search CVE reports


Toggle filters

41 – 50 of 59 results


CVE-2017-5200

Medium priority
Vulnerable

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a...

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Not affected Vulnerable
Show less packages

CVE-2017-5192

Medium priority
Vulnerable

When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to...

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Not affected Vulnerable
Show less packages

CVE-2015-4017

Medium priority
Ignored

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not affected
Show less packages

CVE-2017-12791

Medium priority

Some fixes available 2 of 4

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not in release Not affected Fixed
Show less packages

CVE-2015-6941

Medium priority

Some fixes available 1 of 3

win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not affected
Show less packages

CVE-2017-8109

Medium priority
Ignored

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not affected
Show less packages

CVE-2015-1839

Low priority
Ignored

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not affected
Show less packages

CVE-2015-1838

Low priority
Ignored

modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not affected Not affected
Show less packages

CVE-2016-9639

Medium priority
Vulnerable

Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Not affected Vulnerable
Show less packages

CVE-2016-3176

High priority
Ignored

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

1 affected package

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Not affected Not affected
Show less packages