Lucene search
K

14 matches found

OpenVAS
OpenVAS
added 2025/10/28 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2025-551aed076e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS6.8AI score0.00982EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/07/29 12:0 a.m.8 views

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2025:02534-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02534-1 advisory. - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability t...

9.6CVSS7.3AI score0.00982EPSS
Exploits0References38
Tenable Nessus
Tenable Nessus
added 2025/07/24 12:0 a.m.4 views

SUSE SLES15: python311-salt / salt / salt-api / salt-bash-completion / salt-doc / etc (SUSE-SU-2025:02502-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02502-1 advisory. - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay...

9.6CVSS7.3AI score0.00982EPSS
Exploits0References38
SUSE Linux
SUSE Linux
added 2025/07/23 1:41 p.m.2 views

Security update for salt

This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...

9.6CVSS7.6AI score0.00982EPSS
Exploits0References52
OSV
OSV
added 2025/07/23 12:37 p.m.4 views

SUSE-SU-2025:02476-1 Security update 4.3.16 for Multi-Linux Manager Server

This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.16 Important Salt Security Update Added support for SUSE Linux Enterprise 15 SP7 as a client using the Salt Bundle CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2024-38824, CVE-2025-22239 CVE-2025-2223...

9.8CVSS5.8AI score0.10353EPSS
Exploits1References73
Tenable Nessus
Tenable Nessus
added 2025/07/01 12:0 a.m.15 views

Fedora 42 : salt (2025-a5d73a0399)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a5d73a0399 advisory. - Resolves CVE-2024-38824 RHBZ2372731 - Resolves CVE-2024-38824 RHBZ2372733 - Resolves CVE-2025-22239 RHBZ2372732 - Resolves CVE-2025-22239...

9.6CVSS5.5AI score0.00982EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/06/13 5:34 p.m.6 views

CVE-2025-22240

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to. Mitigation...

6.3CVSS6.1AI score0.00143EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/06/13 9:30 a.m.7 views

heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +9 more potentially affected by CVE-2025-22240 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

6.3CVSS6.5AI score0.00143EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/13 7:43 a.m.8 views

heist-salt (>=1.0.0 <=5.3.1), isalt (>=2019.12.0 <=2021.2.2) +9 more potentially affected by CVE-2025-22240 via salt (=3007.14.0)

salt PYPI version =3007.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on salt and may be impacted: - heist-salt =1.0.0, =2019.12.0, =2019.6.28a3, =2.6.2.dev0, =2020.7.0, =1.1.1, =22.9.8.0rc1, =0.3.2, =0.5.7 - slskit =2022.4.0 Source cves:...

6.3CVSS6.5AI score0.00143EPSS
Exploits0
Circl
Circl
added 2025/06/13 7:28 a.m.17 views

CVE-2025-22240

creationtimestamp| type| source ---|---|--- 2025-06-13 07:28:24+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lrhvusayjkx2 2025-06-13 07:33:13+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18273 2025-06-13 11:48:25+00:00| seen|...

6.3CVSS5.3AI score0.00143EPSS
Exploits0References3
NVD
NVD
added 2025/06/13 7:15 a.m.9 views

CVE-2025-22240

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...

6.3CVSS0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 7:3 a.m.16 views

CVE-2025-22240 CVE-2025-22240 salt advisory

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...

6.3CVSS0.00143EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/13 7:3 a.m.4 views

CVE-2025-22240 CVE-2025-22240 salt advisory

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...

6.3CVSS7.1AI score0.00143EPSS
Exploits0References2
CVE
CVE
added 2025/06/13 7:3 a.m.63 views

CVE-2025-22240

CVE-2025-22240 is a local, GitFS-related vulnerability in Salt where the find_file method constructs a path with unvalidated tgt_env input, enabling an attacker with file-system write access to create or delete files on the Salt Master. The issue is addressed in SUSE advisories (e.g., SUSE-SU-202...

6.3CVSS6.3AI score0.00143EPSS
Exploits0References2
Rows per page
Query Builder