13 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-17361
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker...
SUSE: Security Advisory (SUSE-SU-2020:0684-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS : Salt vulnerabilities (USN-4459-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4459-1 advisory. It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract...
Ubuntu: Security Advisory (USN-4459-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-4676-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for salt (openSUSE-SU-2020:0357-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-17361
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...
[ASA-202001-7] salt: arbitrary command execution
Arch Linux Security Advisory ASA-202001-7 ========================================= Severity: Medium Date : 2020-01-29 CVE-ID : CVE-2019-17361 Package : salt Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1087 Summary ======= The package salt before...
CVE-2019-17361
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...
elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2019-17361 via salt (=2014.1.10)
salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2019-17361 Source advisory: OSV:PYSEC-2020-177...
CVE-2019-17361
CVE-2019-17361 affects Salt before 2019.2.3, where the salt-api NET API with the ssh client enabled is vulnerable to remote command execution. The vulnerability allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Affected advi...
CVE-2019-17361
Removed by vendor...
CVE-2019-17361
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...