CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

Tenable Nessus•added 2025/09/03 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2021-31607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion...

7.8CVSS7AI score0.03808EPSS

Exploits1References2

OSV•added 2022/05/24 5:48 p.m.•33 views

GHSA-HCJF-RP5H-G5H3 Command Injection in SaltStack Salt

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...

7.8CVSS7.9AI score0.03808EPSS

Exploits1References14

Github Security Blog•added 2022/05/24 5:48 p.m.•35 views

Command Injection in SaltStack Salt

7.8CVSS4.6AI score0.03808EPSS

Exploits1References15Affected Software1

BDU FSTEC•added 2022/02/07 12:0 a.m.•4 views

The vulnerability of the snapper module in the configuration management system and remote execution of SaltStack Salt allows a perpetrator to gain increased privileges.

The vulnerability of the snapper module in the Configuration Management system and the remote execution of SaltStack Salt is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow attackers to enhance their privileges through a special...

7.8CVSS7.7AI score0.03808EPSS

Exploits1References13Affected Software6

Tenable Nessus•added 2021/11/03 12:0 a.m.•42 views

SaltStack 3000.x < 3001.8 / 3002.x < 3002.7 / 3003.x < 3003.3 Privilege Escalation

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by a command injection vulnerability that may result in privilege escalation. This vulnerability exists in the snapper module and allows for the possibility of local privilege escalati...

7.8CVSS8.1AI score0.03808EPSS

Exploits1References2

Tenable Nessus•added 2021/07/16 12:0 a.m.•45 views

openSUSE 15 Security Update : salt (openSUSE-SU-2021:1951-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1951-1 advisory. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation...

7.8CVSS8.1AI score0.03808EPSS

Exploits1References5

OPENSUSE Linux•added 2021/07/11 12:0 a.m.•28 views

Security update for salt (important)

openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:1951-1 Rating: important References: 1185281 1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2021-31607 CVSS scores: CVE-2021-31607 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607...

7CVSS9.1AI score0.03808EPSS

Exploits1References5

Tenable Nessus•added 2021/06/12 12:0 a.m.•69 views

SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2021:1951-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1951-1 advisory. - In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege...

7.8CVSS8.1AI score0.03808EPSS

Exploits1References5

NCSC•added 2021/05/26 12:0 a.m.•2 views

Vulnerability fixed in Salt

A vulnerability has been fixed in Salt. A malicious person could vulnerability potentially exploit it to execute execute arbitrary code. To do this, the malicious party must have the ability to place a rogue file on a Salt monitored device. This file should then be passed through the Snapper modu...

7.8CVSS7AI score0.03808EPSS

Exploits1

RedhatCVE•added 2021/04/23 7:43 p.m.•28 views

CVE-2021-31607

A flaw was found in Salt. A command injection vulnerability occurs in the snapper module that allows local privilege escalation on a minion. This attack requires the creation of a file with a pathname that is backed up by snapper, with the master calling the snapper.diff function. Snapper.diff...

7.8CVSS4.5AI score0.03808EPSS

Exploits1References3

OSV•added 2021/04/23 6:15 a.m.•31 views

CVE-2021-31607

7.8CVSS7.8AI score

Exploits0References8

NVD•added 2021/04/23 6:15 a.m.•12 views

CVE-2021-31607

7.8CVSS0.03808EPSS

Exploits1References8

Prion•added 2021/04/23 6:15 a.m.•25 views

Command injection

4.6CVSS7.9AI score0.03808EPSS

Exploits1References8Affected Software2

PyPA•added 2021/04/23 6:15 a.m.•4 views

PYSEC-2021-56

7.8CVSS7.6AI score0.03808EPSS

Exploits1References3Affected Software1

UbuntuCve•added 2021/04/23 6:15 a.m.•26 views

CVE-2021-31607

7.8CVSS7.1AI score0.03808EPSS

Exploits1References2

OSV•added 2021/04/23 6:15 a.m.•30 views

PYSEC-2021-56

7.8CVSS4.2AI score0.03808EPSS

Exploits1References3

OSV•added 2021/04/23 6:15 a.m.•0 views

UBUNTU-CVE-2021-31607

7.8CVSS7.3AI score0.03808EPSS

Exploits1References3

Cvelist•added 2021/04/23 12:0 a.m.•35 views

CVE-2021-31607

8.2AI score0.03808EPSS

Exploits1References8

CVE•added 2021/04/23 12:0 a.m.•300 views

CVE-2021-31607

CVE-2021-31607 affects SaltStack Salt 2016.9 through 3002.6, via a command injection in the snapper module that enables local privilege escalation on a minion. The attack requires creation of a file with a path backed up by snapper, followed by the master invoking snapper.diff, which executes pop...

7.8CVSS7.8AI score0.03808EPSS

Exploits1References8Affected Software1