CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

PYSEC-2023-47

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file...

PYSEC-2023-47

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file...

Buffer overflow

DISPUTED Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

CVE-2021-33226

SaltStack Salt vulnerability CVE-2021-33226 affects v.3003 and earlier. The issue is a Buffer Overflow in salt/salt/modules/status.py (func variable) that could allow arbitrary code execution. Multiple connected sources (Red Hat, SUSE, OSV, NVD, etc.) describe the same flaw and note that the clai...

CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

SaltStack Salt 安全漏洞

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt v.3003 and earlier versions that originated from allowing an attacker to...

CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

SUSE CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

SUSE CVE-2015-1839

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp...

SUSE CVE-2015-1838

modules/serverdensitydevice.py in SaltStack before 2014.7.4 does not properly handle files in /tmp...

SUSE CVE-2017-5192

When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed...

SUSE CVE-2017-7893

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...

SUSE CVE-2017-8109

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...

SUSE CVE-2017-12791

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...

SUSE CVE-2017-14695

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an...

SUSE CVE-2017-14696

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...

SUSE CVE-2018-15751

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-apinetapi...

SUSE CVE-2019-1010259

SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.userchpass function from the MySQL module for Salt. The attack vector is: specially crafted...

SUSE CVE-2020-11652

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users...