24 matches found
Ubuntu: Security Advisory (USN-6948-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2020:14538-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14538-1 advisory. - An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can resul...
SUSE: Security Advisory (SUSE-SU-2020:3243-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:3155-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:3244-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4837-1 : salt - security update
Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH...
[SECURITY] [DSA 4837-1] salt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4837-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 24, 2021 https://www.debian.org/security/faq -...
Debian: Security Advisory (DLA-2480-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2480-1] salt security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2480-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA December 04, 2020 https://wiki.debian.org/LTS -...
FreeBSD : salt -- multiple vulnerabilities (50259d8b-243e-11eb-8bae-b42e99975750)
SaltStack reports multiple security vulnerabilities in Salt 3002 : - CVE-2020-16846: Prevent shell injections in netapi ssh client. - CVE-2020-17490: Prevent creating world readable private keys with the tls execution module. - CVE-2020-25592: Properly validate eauth credentials and tokens along...
GLSA-202011-13 : Salt: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202011-13 Salt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...
[ASA-202011-7] salt: multiple issues
Arch Linux Security Advisory ASA-202011-7 ========================================= Severity: Critical Date : 2020-11-10 CVE-ID : CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 Package : salt Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1262 Summary ======= The...
openSUSE: Security Advisory for salt (openSUSE-SU-2020:1868-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2020:3250-1 Security update for SUSE Manager 4.0
This security update for SUSE Manager 4.0 provides the following fixes: py26-compat-salt: - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846 spacewalk-java: - Use correct eauth module an...
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
elita (>=0.60.0 <=0.64.1) potentially affected by CVE-2020-17490 via salt (=2014.1.10)
salt PYPI version =2014.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - elita =0.60.0, =0.64.1 Source cves: CVE-2020-17490 Source advisory: OSV:PYSEC-2020-105...
CVE-2020-17490
CVE-2020-17490 affects SaltStack Salt (TLS module) up to version 3002, where the TLS execution module creates certificates with weak file permissions. The root cause is improper permissions on certificate files, potentially exposing private keys and enabling unintended access to sensitive materia...
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...
Fedora 33 : salt (2020-5f08623da1)
Update to CVE release 3002.1-1 for Python3 Includes fixes for CVE-2020-16846, CVE-2020-17490, CVE-2020-25592 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it ...