128 matches found
Ubuntu: Security Advisory (USN-8153-1)
The remote host is missing an update for the...
ROS-20260401-73-0045
Vulnerability in salt related to flaws in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...
ROS-20260401-73-0044
Vulnerability in salt related to incorrect code generation control. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2025-62349
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using ...
applier (>=0.1.0 <=0.4.0), elita (>=0.60.0 <=0.64.1) +1 more potentially affected by CVE-2025-62348 via salt (>=2014.1.10 <=3005.5.0)
salt PYPI version =2014.1.10, =0.1.0, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2025-62348 Source advisory: OSV:GHSA-77W2-V593-VXVV...
aws-ork (>=0.4.3 <=0.4.5), elita (=0.59.3) +84 more potentially affected by CVE-2025-62348 via salt (=3007.14.0)
salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - aws-ork =0.4.3, =1.0.0, =2019.12.0, =2019.1.30a2, =2.6.2.dev0, =24.3.12.0rc1, =0.1.0rc1, =0.0.1, =0.0.1, =2022.2.0, =1.2.3, =1.3.0 and more Source...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview: salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...
Salt security vulnerabilities
Salt is an automated, infrastructure management, data-driven orchestration, and remote execution application within the Salt project. There is a security vulnerability in Salt, which stems from the use of insecure YAML decoding/loading in the junos execution module. This may lead to the execution...
AVideo security vulnerability
AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions from 14.3.1 up to, but not including, 20.1, which stems from the use of PHP uniqid to generate predictable installation salt values that could lead to remote code...
SUSE-SU-2025:21218-1 Security update for salt
This update for salt fixes the following issues: salt: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security (bsc1254257); CVE-2025-62348: Fixed Junos module yaml loader (bsc1254256); Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
EUVD-2016-0033
Malware in sbrugna...
EUVD-2018-17321
Malware in sbrugna...
EUVD-2022-4798
Malicious code in bioql PyPI...
EUVD-2025-18254
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-9639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. CVE-2016-9639 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2016-1866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by...
Linux Distros Unpatched Vulnerability : CVE-2015-8034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the...
Linux Distros Unpatched Vulnerability : CVE-2021-25315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary co...
Fedora 41 : salt (2025-b712778148)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b712778148 advisory. Contains fixes for regressions introduced during CVE bugfix update 3007.4. Tenable has extracted the preceding description block directly from the Fedora...
Directory Traversal
Salt is vulnerable to Directory Traversal. The vulnerability stems from improper input validation: the recvfile method allows arbitrary files to be written to the master cache directory through crafted path input...