CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

853 matches found

CVE•added 2017/10/24 5:0 p.m.•68 views

CVE-2017-14695

CVE-2017-14695 is a SaltStack Salt directory traversal vulnerability in minion_id validation. It affects Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2, enabling remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. This iss...

9.8CVSS9.1AI score0.00331EPSS

Exploits0References7Affected Software1

Debian CVE•added 2017/10/24 5:0 p.m.•22 views

CVE-2017-14695

Removed by vendor...

9.8CVSS9.4AI score0.00331EPSS

Exploits0

Debian CVE•added 2017/10/24 5:0 p.m.•18 views

CVE-2017-14696

Removed by vendor...

7.5CVSS8.6AI score0.01854EPSS

Exploits0

RedhatCVE•added 2017/10/19 12:25 p.m.•23 views

CVE-2017-14695

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an...

9.8CVSS5AI score0.00924EPSS

Exploits0References1

RedhatCVE•added 2017/10/17 5:26 p.m.•23 views

CVE-2017-14696

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...

7.5CVSS5.7AI score0.01854EPSS

Exploits0References1

CNVD•added 2017/10/11 12:0 a.m.•2 views

salt information leakage vulnerability

Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management , remote execution and other functions , able to manage tens of thousands of servers , with the ability to quickly complete the data...

6.3CVSS6.5AI score0.00298EPSS

Exploits0References1

Cvelist•added 2017/10/10 4:0 p.m.•18 views

CVE-2015-6918

salt before 2015.5.5 leaks git usernames and passwords to the log...

7.7AI score0.00298EPSS

Exploits0References2

FreeBSD•added 2017/10/09 12:0 a.m.•65 views

salt -- multiple vulnerabilities

SaltStack reports: Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost [email protected]. NOTE: this vulnerabili...

9.8CVSS8.7AI score0.00924EPSS

Exploits0References4

CNVD•added 2017/09/27 12:0 a.m.•1 views

SaltStack Salt Arbitrary Command Execution Vulnerability

SaltStack Salt a.k.a. SaltStack is an open source set of tools for managing infrastructure from the American company SaltStack. A security vulnerability exists in the Salt-api in SaltStack Salt. An attacker can exploit this vulnerability to execute arbitrary commands with the help of sshclient in...

9CVSS7.5AI score0.0097EPSS

Exploits0References1

CNVD•added 2017/09/27 12:0 a.m.•2 views

SaltStack Salt Code Execution Vulnerability

SaltStack Salt a.k.a. SaltStack is an open source set of tools for managing infrastructure from the American company SaltStack. A security vulnerability exists in SaltStack Salt. The vulnerability can be exploited by an attacker to execute code when using the localbatch client...

8.8CVSS7.3AI score0.0048EPSS

Exploits0References1

OSV•added 2017/09/26 2:29 p.m.•15 views

CVE-2017-5192

When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed...

8.8CVSS7.3AI score

Exploits0References3

NVD•added 2017/09/26 2:29 p.m.•8 views

CVE-2017-5192

8.8CVSS8.8AI score0.0048EPSS

Exploits0References3

Prion•added 2017/09/26 2:29 p.m.•11 views

Authentication flaw

6.5CVSS8.7AI score0.0048EPSS

Exploits0References3Affected Software1

NVD•added 2017/09/26 2:29 p.m.•12 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

9CVSS8.8AI score0.0097EPSS

Exploits0References3

PyPA•added 2017/09/26 2:29 p.m.•4 views

PYSEC-2017-39

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

9CVSS7.4AI score0.0097EPSS

Exploits0References3Affected Software1

OSV•added 2017/09/26 2:29 p.m.•18 views

PYSEC-2017-38

8.8CVSS3AI score0.0048EPSS

Exploits0References3

UbuntuCve•added 2017/09/26 2:29 p.m.•19 views

CVE-2017-5192

8.8CVSS7.4AI score0.0048EPSS

Exploits0References2

UbuntuCve•added 2017/09/26 2:29 p.m.•23 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled...

9CVSS7.6AI score0.0097EPSS

Exploits0References1

OSV•added 2017/09/26 2:29 p.m.•0 views

UBUNTU-CVE-2017-5192

8.8CVSS7.5AI score0.0048EPSS

Exploits0References3

OSV•added 2017/09/26 2:29 p.m.•19 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

8.8CVSS7AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by