heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +8 more potentially affected by CVE-2025-62348 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

CVE-2022-0652

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...

EUVD-2018-0930

Malware in sbrugna...

EUVD-2017-15747

Malware in sbrugna...

EUVD-2017-15749

Malware in sbrugna...

EUVD-2017-15831

Malware in sbrugna...

EUVD-2022-25905

Malicious code in bioql PyPI...

EUVD-2021-7039

Malicious code in bioql PyPI...

EUVD-2022-26012

Malicious code in bioql PyPI...

EUVD-2024-18104

Malicious code in bioql PyPI...

EUVD-2024-18041

Malicious code in bioql PyPI...

heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +8 more potentially affected by CVE-2025-22237 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +8 more potentially affected by CVE-2024-38825 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +8 more potentially affected by CVE-2024-38822 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +8 more potentially affected by CVE-2024-38825 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +8 more potentially affected by CVE-2025-22240 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

CVE-2022-20655

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

CVE-2024-20326

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

CVE-2024-20389

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator (NSO) and ConfD software, which is used by the web-based management interfaces for Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN, allows a malicious actor to escalate their privileges.

The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator NSO and ConfD software, which is used by the Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN control web interfaces, is related to incorrect authentication checks in the API...