CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

104 matches found

PyPA•added 2018/10/24 10:29 p.m.•5 views

PYSEC-2018-29

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server...

5.3CVSS7AI score0.00912EPSS

Exploits0References7Affected Software1

OSV•added 2018/10/24 10:29 p.m.•0 views

UBUNTU-CVE-2018-15751

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-apinetapi...

9.8CVSS7.5AI score0.00556EPSS

Exploits0References8

OSV•added 2018/10/24 10:29 p.m.•22 views

CVE-2018-15751

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-apinetapi...

9.8CVSS9.9AI score

Exploits0References7

UbuntuCve•added 2018/10/24 10:29 p.m.•24 views

CVE-2018-15751

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-apinetapi...

9.8CVSS7.4AI score0.00556EPSS

Exploits0References7

Cvelist•added 2018/10/24 10:0 p.m.•21 views

CVE-2018-15750

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server...

7.1AI score0.00912EPSS

Exploits0References7

AlpineLinux•added 2018/10/24 10:0 p.m.•44 views

CVE-2018-15751

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-apinetapi...

9.8CVSS10AI score0.00556EPSS

Exploits0

FreeBSD•added 2018/10/24 12:0 a.m.•499 views

salt -- multiple vulnerabilities

SaltStack reports: Remote command execution and incorrect access control when using salt-api. Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events...

6.6AI score

Exploits0References2

PyPA•added 2017/09/26 2:29 p.m.•4 views

PYSEC-2017-38

When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed...

8.8CVSS7.1AI score0.0048EPSS

Exploits0References3Affected Software1

UbuntuCve•added 2017/09/26 2:29 p.m.•23 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled...

9CVSS7.6AI score0.0097EPSS

Exploits0References1

UbuntuCve•added 2017/09/26 2:29 p.m.•19 views

CVE-2017-5192

8.8CVSS7.4AI score0.0048EPSS

Exploits0References2

OSV•added 2017/09/26 2:29 p.m.•0 views

UBUNTU-CVE-2017-5192

8.8CVSS7.5AI score0.0048EPSS

Exploits0References3

Prion•added 2017/09/26 2:29 p.m.•20 views

Command injection

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

9CVSS8.7AI score0.0097EPSS

Exploits0References3Affected Software1

OSV•added 2017/09/26 2:29 p.m.•0 views

UBUNTU-CVE-2017-5200

8.8CVSS7.6AI score0.0097EPSS

Exploits0References2

AlpineLinux•added 2017/09/26 2:0 p.m.•39 views

CVE-2017-5192

8.8CVSS8.8AI score0.0048EPSS

Exploits0

CVE•added 2017/09/26 2:0 p.m.•95 views

CVE-2017-5200

CVE-2017-5200 affects SaltStack Salt’s Salt-api via ssh_client, enabling arbitrary command execution on the salt-master. Affected versions include Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2. Mitigation: apply the fixed releases (e.g., Salt 2015.8.13, 2016.3.5,...

9CVSS8.6AI score0.0097EPSS

Exploits0References3Affected Software1

Debian CVE•added 2017/09/26 2:0 p.m.•26 views

CVE-2017-5200

Removed by vendor...

9CVSS8.7AI score0.0097EPSS

Exploits0

Cvelist•added 2017/09/26 2:0 p.m.•14 views

CVE-2017-5192

8.7AI score0.0048EPSS

Exploits0References3

AlpineLinux•added 2017/09/26 2:0 p.m.•42 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

9CVSS8.8AI score0.0097EPSS

Exploits0

Tenable Nessus•added 2017/06/20 12:0 a.m.•36 views

SUSE SLES11 Security Update : Salt (SUSE-SU-2017:1581-1)

This update for salt provides version 2016.11.4 and brings various fixes and improvements : - Adding a salt-minion watchdog for RHEL6 and SLES11 systems sysV to restart salt-minion in case of crashes during upgrade. - Fix format error. bsc1043111 - Fix ownership for whole master cache directory...

9CVSS7.6AI score0.0097EPSS

Exploits0References28

Veracode•added 2017/03/20 1:53 a.m.•26 views

Remote Code Execution (RCE)

Salt is vulnerable to remote code execution RCE. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems are enabled...

9CVSS9AI score0.0097EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by