CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

853 matches found

OSV•added 2022/06/25 7:21 a.m.•32 views

GHSA-FPXM-FPRW-6HXJ Salt's PAM auth fails to reject locked accounts

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

7.7CVSS8.4AI score0.00504EPSS

Exploits0References7

Github Security Blog•added 2022/06/25 7:21 a.m.•39 views

Salt's PAM auth fails to reject locked accounts

8.8CVSS4.4AI score0.00504EPSS

Exploits0References6Affected Software1

Tenable Nessus•added 2022/06/24 12:0 a.m.•49 views

SUSE SLES15 Security Update : salt (SUSE-SU-2022:2159-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2159-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...

8.8CVSS8.2AI score0.00504EPSS

Exploits0References4

NVD•added 2022/06/23 5:15 p.m.•15 views

CVE-2022-22967

8.8CVSS0.00504EPSS

Exploits0References3

OSV•added 2022/06/23 5:15 p.m.•16 views

CVE-2022-22967

8.8CVSS8.5AI score

Exploits0References3

Prion•added 2022/06/23 5:15 p.m.•14 views

Design/Logic Flaw

6.5CVSS8.3AI score0.00504EPSS

Exploits0References3Affected Software1

PyPA•added 2022/06/23 5:15 p.m.•8 views

PYSEC-2022-210

8.8CVSS6.9AI score0.00504EPSS

Exploits0References3Affected Software1

OSV•added 2022/06/23 5:15 p.m.•25 views

PYSEC-2022-210

8.8CVSS5AI score0.00504EPSS

Exploits0References3

Tenable Nessus•added 2022/06/23 12:0 a.m.•107 views

SUSE SLES12 Security Update : salt (SUSE-SU-2022:2154-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2154-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...

8.8CVSS8.2AI score0.00504EPSS

Exploits0References4

CNNVD•added 2022/06/23 12:0 a.m.•2 views

SaltStack Salt 安全漏洞

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3002.9, prior to 3003.5, and prior to 3004.2, which stems...

8.8CVSS8.3AI score0.00504EPSS

Exploits0References9

UbuntuCve•added 2022/06/23 12:0 a.m.•25 views

CVE-2022-22967

8.8CVSS7.2AI score0.00504EPSS

Exploits0References2

Vulnrichment•added 2022/06/22 12:0 a.m.•3 views

CVE-2022-22967

8.5AI score0.00504EPSS

Exploits0References3

CVE•added 2022/06/22 12:0 a.m.•835 views

CVE-2022-22967

CVE-2022-22967 affects SaltStack Salt prior to 3002.9, 3003.5, and 3004.2. The issue is that PAM authentication fails to reject locked accounts, allowing a previously authorized user with an active or API session to run Salt commands even when the account is locked (including salt-api via PAM eau...

8.8CVSS8.3AI score0.00504EPSS

Exploits0References3Affected Software1

Cvelist•added 2022/06/22 12:0 a.m.•19 views

CVE-2022-22967

8.7AI score0.00504EPSS

Exploits0References3

Positive Technologies•added 2022/06/22 12:0 a.m.•3 views

PT-2022-3075 · Saltstack +2 · Saltstack Salt +2

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.9 SaltStack Salt versions prior to 3003.5 SaltStack Salt versions prior to 3004.2 Description: An issue was discovered in SaltStack Salt where PAM auth fails to reject locked accounts. This allows a...

9.8CVSS7.2AI score0.94387EPSS

Exploits15References110

Debian CVE•added 2022/06/22 12:0 a.m.•35 views

CVE-2022-22967

Removed by vendor...

8.8CVSS9.2AI score0.00504EPSS

Exploits0

OSSF Malicious Packages•added 2022/06/20 6:20 p.m.•3 views

Malicious code in @saltstack/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75563d2d7b460d1909f992784d7e77bf0a634b676c914c03c8d4b4a9b9e79319 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References1

OSV•added 2022/06/20 6:20 p.m.•3 views

MAL-2022-570 Malicious code in @saltstack/fetlife-assets (npm)

7AI score

Exploits0References1

OSV•added 2022/05/24 7:13 p.m.•27 views

GHSA-XF37-QCVF-7M57 Improper Authentication in SaltStack Salt

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

7.5CVSS6.2AI score0.0014EPSS

Exploits0References8

Github Security Blog•added 2022/05/24 7:13 p.m.•30 views

Improper Authentication in SaltStack Salt

6.4CVSS2.9AI score0.0014EPSS

Exploits0References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by