26 matches found
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0211)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0211 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted INGESTEVAL' parameter in a Field...
SUSE CVE-2022-22941
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...
CVE-2023-22941
creationtimestamp| type| source ---|---|--- 2023-02-14 20:35:43+00:00| seen| https://t.me/cibsecurity/58120 2025-02-28 11:26:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5870...
CVE-2023-22941
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGESTEVAL’ parameter in a Field Transformation crashes the Splunk daemon splunkd...
CVE-2023-22941 Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGESTEVAL’ parameter in a Field Transformation crashes the Splunk daemon splunkd...
CVE-2023-22941
CVE-2023-22941 affects Splunk Enterprise: versions prior to 8.1.13, 8.2.10, and 9.0.4 are vulnerable due to an improperly formatted INGEST_EVAL parameter in a Field Transformation, which can crash the splunkd daemon. The issue is rooted in input parsing of INGEST_EVAL/INGEST EVAL and has the pote...
CVE-2023-22941 Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGESTEVAL’ parameter in a Field Transformation crashes the Splunk daemon splunkd...
CVE-2022-22941
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...
Citrix ShareFile Storage Zones Controller Remote Code Execution (CVE-2021-22941)
A remote code execution vulnerability exists in Citrix ShareFile Storage Zones Controller. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - Salt Masters do not sign pillar data with the minion's public key, which can result in attackers substituting arbitrary pillar data. CVE-2022-22934 - Job...
openSUSE 15 Security Update : salt (openSUSE-SU-2022:1059-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1059-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion...
SUSE: Security Advisory (SUSE-SU-2022:1059-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for salt (openSUSE-SU-2022:1059-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:1059-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM bsc1197417 - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. bsc1197417 - CVE-2022-22936: Prevent job and fileserver replays bsc1197417 - CVE-2022-22941: Fixed targeting bug,...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22941 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22941 Source advisory: OSV:GHSA-QCR3-HR2F-6557...
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2022:1059-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1059-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sig...
CVE-2022-22941
creationtimestamp| type| source ---|---|--- 2022-03-29 20:11:41+00:00| seen| https://t.me/cibsecurity/39767...
CVE-2022-22941
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...
CVE-2022-22941
CVE-2022-22941 affects SaltStack Salt prior to 3002.8, 3003.4, and 3004.1 when configured as a Master‑of‑Masters with a publisher_acl. A Syndic‑connected minion set can be targeted by a user in publisher_acl, and the Master can incorrectly treat no valid targets as valid, allowing that user to pu...
CVE-2022-22941
Removed by vendor...