PYSEC-2014-18

Multiple unspecified vulnerabilities in Salt aka SaltStack before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in 1 seed.py, 2 salt-ssh, or 3 salt-cloud...

UBUNTU-CVE-2014-3563

Multiple unspecified vulnerabilities in Salt aka SaltStack before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in 1 seed.py, 2 salt-ssh, or 3 salt-cloud...

CVE-2014-3563

Removed by vendor...

CVE-2014-3563

Multiple unspecified vulnerabilities in Salt aka SaltStack before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in 1 seed.py, 2 salt-ssh, or 3 salt-cloud...

CVE-2014-3563

CVE-2014-3563 affects Salt (SaltStack) before 2014.1.10. The issue relates to insecure temporary file creation in components (seed.py, salt-ssh, salt-cloud), allowing local attackers to write to arbitrary files and potentially achieve DoS or arbitrary code execution. The available connected docum...

CVE-2013-6617

The salt master in Salt aka SaltStack 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges...

CVE-2013-4439

Salt aka SaltStack before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key...

CVE-2013-4436

The default configuration for salt-ssh in Salt aka SaltStack 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle MITM attack...

CVE-2013-4435

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

CVE-2013-4438

Salt aka SaltStack before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe...

CVE-2013-4435

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

Authentication flaw

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

PYSEC-2013-15

The salt master in Salt aka SaltStack 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges...

PYSEC-2013-13

Salt aka SaltStack before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe...

Code injection

Unspecified vulnerability in salt-ssh in Salt aka SaltStack 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

PYSEC-2013-26

The default configuration for salt-ssh in Salt aka SaltStack 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle MITM attack...

UBUNTU-CVE-2013-6617

The salt master in Salt aka SaltStack 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges...

PYSEC-2013-12

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

Code injection

The salt master in Salt aka SaltStack 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges...

CVE-2013-4436

The default configuration for salt-ssh in Salt aka SaltStack 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle MITM attack...