Lucene search
K

35 matches found

OpenVAS
OpenVAS
added 2024/08/09 12:0 a.m.19 views

Ubuntu: Security Advisory (USN-6948-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.99585EPSS
Exploits13References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.3 views

SUSE CVE-2020-25592

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH...

9.8CVSS9.9AI score0.57453EPSS
Exploits3References34
vulnersOsv
vulnersOsv
added 2022/05/24 5:33 p.m.13 views

elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2020-25592 via salt (=2014.1.10)

salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2020-25592 Source advisory: OSV:GHSA-29J3-2446-5J4W...

9.8CVSS7.2AI score0.57453EPSS
Exploits3
OpenVAS
OpenVAS
added 2021/07/13 12:0 a.m.26 views

openSUSE: Security Advisory for salt (openSUSE-SU-2021:2106-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.4AI score0.96405EPSS
Exploits29References4
OpenVAS
OpenVAS
added 2021/06/24 12:0 a.m.29 views

openSUSE: Security Advisory for salt (openSUSE-SU-2021:0899-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.4AI score0.96405EPSS
Exploits29References4
OpenVAS
OpenVAS
added 2021/06/23 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2021:2105-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.6AI score0.96405EPSS
Exploits29References15
OpenVAS
OpenVAS
added 2021/06/23 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2021:2106-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.4AI score0.96405EPSS
Exploits29References4
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.43 views

SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2020:14538-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14538-1 advisory. - An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can resul...

9.8CVSS7.3AI score0.99585EPSS
Exploits5References13
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.11 views

SUSE: Security Advisory (SUSE-SU-2020:3155-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.99585EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2020:3243-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.99585EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2020:3244-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.99585EPSS
Exploits5References15
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.33 views

Debian DSA-4837-1 : salt - security update

Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH...

9.8CVSS7.4AI score0.99585EPSS
Exploits5References6
Debian
Debian
added 2021/01/24 3:29 p.m.49 views

[SECURITY] [DSA 4837-1] salt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4837-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2021 https://www.debian.org/security/faq -...

7.5CVSS1.3AI score0.99585EPSS
Exploits5
OpenVAS
OpenVAS
added 2020/12/05 12:0 a.m.12 views

Debian: Security Advisory (DLA-2480-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.99585EPSS
Exploits5References6
Debian
Debian
added 2020/12/04 5:33 p.m.66 views

[SECURITY] [DLA 2480-1] salt security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2480-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA December 04, 2020 https://wiki.debian.org/LTS -...

9.8CVSS9.4AI score0.99585EPSS
Exploits5
Metasploit
Metasploit
added 2020/11/12 5:41 p.m.58 views

SaltStack Salt REST API Arbitrary Command Execution

This module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5,...

9.8CVSS10AI score0.99585EPSS
Exploits5
0day.today
0day.today
added 2020/11/12 12:0 a.m.122 views

SaltStack Salt REST API Arbitrary Command Execution Exploit

This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...

9.8CVSS9.4AI score0.99585EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.27 views

FreeBSD : salt -- multiple vulnerabilities (50259d8b-243e-11eb-8bae-b42e99975750)

SaltStack reports multiple security vulnerabilities in Salt 3002 : - CVE-2020-16846: Prevent shell injections in netapi ssh client. - CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. - CVE-2020-25592: Properly validate eauth credentials and tokens along...

9.8CVSS7.4AI score0.99585EPSS
Exploits5References5
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.30 views

GLSA-202011-13 : Salt: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202011-13 Salt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...

9.8CVSS7.2AI score0.99585EPSS
Exploits5References5
Circl
Circl
added 2020/11/11 7:52 p.m.34 views

CVE-2020-25592

creationtimestamp| type| source ---|---|--- 2020-11-11 19:52:11+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/saltstacksaltapicmdexec.rb 2022-11-27 18:58:48+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2150...

9.8CVSS8.5AI score0.57453EPSS
Exploits3References4
Rows per page
Query Builder