CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

853 matches found

Debian CVE•added 2013/11/05 6:0 p.m.•21 views

CVE-2013-6617

Removed by vendor...

10CVSS6.7AI score0.01705EPSS

Exploits0

Cvelist•added 2013/11/05 6:0 p.m.•15 views

CVE-2013-4439

Salt aka SaltStack before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key...

6.1AI score0.00193EPSS

Exploits0References3

Debian CVE•added 2013/11/05 6:0 p.m.•15 views

CVE-2013-4437

Removed by vendor...

10CVSS6.7AI score0.00675EPSS

Exploits0

Cvelist•added 2013/11/05 6:0 p.m.•16 views

CVE-2013-4436

The default configuration for salt-ssh in Salt aka SaltStack 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle MITM attack...

6.8AI score0.00711EPSS

Exploits0References2

Debian CVE•added 2013/11/05 6:0 p.m.•20 views

CVE-2013-4436

Removed by vendor...

9.3CVSS6.7AI score0.00711EPSS

Exploits0

CVE•added 2013/11/05 6:0 p.m.•60 views

CVE-2013-4439

Salt (SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. Affected versions: up to 0.17.0. Impact: impersonation by an authenticated minion. Remediation: upgrade to 0.17.1 or later (e.g., Fedora adviso...

4.9CVSS6.2AI score0.00193EPSS

Exploits0References3Affected Software1

Cvelist•added 2013/11/05 6:0 p.m.•13 views

CVE-2013-4437

Unspecified vulnerability in salt-ssh in Salt aka SaltStack 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

6.3AI score0.00675EPSS

Exploits0References2

CVE•added 2013/11/05 6:0 p.m.•45 views

CVE-2013-4437

Technical details for CVE-2013-4437 are not publicly provided in the supplied documents. Monitor for updates and new disclosures.

10CVSS6.4AI score0.00675EPSS

Exploits0References2Affected Software1

CVE•added 2013/11/05 6:0 p.m.•43 views

CVE-2013-4436

CVE-2013-4436 concerns SaltStack’s salt-ssh default configuration (Salt 0.17.0) that does not validate the SSH host key, enabling MITM-style impact. Multiple connected sources (GHSA-F22J-37JJ-CXW9, OSV, NVD variant) corroborate the MITM risk but do not provide exploit details. A remediation menti...

9.3CVSS6.9AI score0.00711EPSS

Exploits0References2Affected Software1

Debian CVE•added 2013/11/05 6:0 p.m.•14 views

CVE-2013-4439

Removed by vendor...

4.9CVSS6.7AI score0.00193EPSS

Exploits0

Debian CVE•added 2013/11/05 6:0 p.m.•20 views

CVE-2013-4435

Removed by vendor...

6CVSS6.7AI score0.00324EPSS

Exploits0

CVE•added 2013/11/05 6:0 p.m.•46 views

CVE-2013-4438

SaltStack (Salt) before 0.17.1 is vulnerable to remote code execution via YAML loading with unspecified vectors. The issue is evidenced by multiple feeds: CVE-2013-4438 states that an attacker can execute arbitrary YAML code, with the vendor noting the YAML may already be safe. Public references ...

7.5CVSS7.7AI score0.0057EPSS

Exploits0References2Affected Software1

CVE•added 2013/11/05 6:0 p.m.•45 views

CVE-2013-6617

CVE-2013-6617 affects Salt master (SaltStack) versions 0.11.0–0.17.0, where the process does not properly drop group privileges, enabling privilege escalation by remote attackers. The issue is documented across multiple feeds (NVD entry for CVE-2013-6617 and related advisories). Impact stated: at...

10CVSS6.9AI score0.01705EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by