Lucene search

853 matches found

CVE
added 2021/09/08 12:0 a.m. · 237 views

CVE-2021-21996

CVE-2021-21996 affects SaltStack Salt prior to 3003.3. A user who controls the source and source_hash URLs can gain full filesystem access as root on a Salt minion. The connected Nessus/Gentoo GLSA entries corroborate the vulnerability in Salt and point to a remediation path: upgrade Salt to a ne...

7.5 CVSS · 7.5 AI score · 0.02263 EPSS
Exploits 0 · References 8 · Affected Software 1

CNNVD
added 2021/09/08 12:0 a.m. · 1 views

Saltstack SaltStack Salt Security Vulnerability

Saltstack SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. SaltStack Salt versions prior to Salt 3003.3 have a security vulnerability that allows a user with a contr...

7.5 CVSS · 8.1 AI score · 0.02263 EPSS
Exploits 0 · References 12

AlpineLinux
added 2021/09/08 12:0 a.m. · 27 views

CVE-2021-21996

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source and source_hash URLs can gain full file system access as root on a salt minion...

7.5 CVSS · 7.8 AI score · 0.02263 EPSS
Exploits 0

CNNVD
added 2021/09/08 12:0 a.m. · 1 views

SaltStack Salt Race Condition Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A race condition vulnerability exists in SaltStack Salt versions prior to Salt 3003.3, which stems from the fact...

6.4 CVSS · 7.5 AI score · 0.0014 EPSS
Exploits 0 · References 5

Positive Technologies
added 2021/09/08 12:0 a.m. · 2 views

PT-2021-14842 · Saltstack +1 · Saltstack Salt +1

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3003.3 Description: An issue was discovered that allows a malicious actor to subvert the proper behavior of the minion software. This occurs when the salt minion installer accepts and uses a minion config file...

9.8 CVSS · 7.2 AI score · 0.94387 EPSS
Exploits 15 · References 71

The Hacker News
added 2021/08/23 1:27 p.m. · 436 views

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linu...

10 CVSS · 9.4 AI score · 0.94489 EPSS
Exploits 243

Tenable Nessus
added 2021/07/16 12:0 a.m. · 45 views

openSUSE 15 Security Update : salt (openSUSE-SU-2021:1951-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1951-1 advisory. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation...

7.8 CVSS · 8.1 AI score · 0.04548 EPSS
Exploits 1 · References 5

Tenable Nessus
added 2021/06/28 12:0 a.m. · 32 views

SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2021:14753-1)

The remote SUSE Linux SLES11 / SLESSAP11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14753-1 advisory. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege...

7.8 CVSS · 8.1 AI score · 0.04548 EPSS
Exploits 1 · References 11

Tenable Nessus
added 2021/06/10 12:0 a.m. · 42 views

SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2020:14538-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14538-1 advisory. - An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can resul...

9.8 CVSS · 7.3 AI score · 0.94387 EPSS
Exploits 5 · References 13

Tenable Nessus
added 2021/06/10 12:0 a.m. · 59 views

SUSE SLES11 Security Update : salt (SUSE-SU-2021:14650-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14650-1 advisory. - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process...

9.8 CVSS · 7.1 AI score · 0.93846 EPSS
Exploits 8 · References 33

Metasploit
added 2021/05/18 5:42 p.m. · 82 views

SaltStack Salt Information Gatherer

This module gathers information from SaltStack Salt masters and minions. Data gathered from minions: 1. salt minion config file Data gathered from masters: 1. minion list denied, pre, rejected, accepted 2. minion hostname/ip/os depending on module settings 3. SLS 4. roster, any SSH keys are...

6.8 AI score
Exploits 0

Tenable Nessus
added 2021/05/12 12:0 a.m. · 39 views

Fedora 33 : salt (2021-5aaebdae8e)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-5aaebdae8e advisory. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation...

7.8 CVSS · 8.1 AI score · 0.04548 EPSS
Exploits 1 · References 2

CNVD
added 2021/04/27 12:0 a.m. · 5 views

SaltStack Salt Elevation of Privilege Vulnerability

Saltstack SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions 2016.9 through 3002.6, which stems from a comma...

7.8 CVSS · 7.4 AI score · 0.04548 EPSS
Exploits 1 · References 1

Check Point Advisories
added 2021/04/25 12:0 a.m. · 2 views

SaltStack Salt Method Directory Traversal (CVE-2021-25282)

A directory traversal vulnerability exists in the WheelClient for Salt API, a component of SaltStack Salt. The vulnerability is due to improper validation of user-supplied input in the pillar_roots.write method...

6.4 CVSS · 3.7 AI score · 0.91286 EPSS
Exploits 5

OSV
added 2021/04/23 6:15 a.m. · 26 views

CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

7.8 CVSS · 7.8 AI score
Exploits 0 · References 8

NVD
added 2021/04/23 6:15 a.m. · 12 views

CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

7.8 CVSS · 0.04548 EPSS
Exploits 1 · References 8

OSV
added 2021/04/23 6:15 a.m. · 0 views

UBUNTU-CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

7.8 CVSS · 7.3 AI score · 0.04548 EPSS
Exploits 1 · References 3

Prion
added 2021/04/23 6:15 a.m. · 20 views

Command injection

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

4.6 CVSS · 7.9 AI score · 0.04548 EPSS
Exploits 1 · References 8 · Affected Software 2

OSV
added 2021/04/23 6:15 a.m. · 28 views

PYSEC-2021-56

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

7.8 CVSS · 4.2 AI score · 0.04548 EPSS
Exploits 1 · References 3

UbuntuCve
added 2021/04/23 6:15 a.m. · 26 views

CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

7.8 CVSS · 7.1 AI score · 0.04548 EPSS
Exploits 1 · References 2