21 matches found
SUSE CVE-2025-22240
Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...
CVE-2025-22237
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process. Mitigation Mitigation for this issue is either not available or...
GHSA-FCR4-H6C4-RVVP Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
CVE-2025-22237
CVE-2025-22237 describes an escalation where an attacker with a minion key can abuse Salt’s on-demand pillar via a specially crafted git URL to execute arbitrary commands on the Salt Master with master privileges. The connected Nessus/SUSE advisories state that this issue was mitigated/fixed (as ...
Salt 安全漏洞
Salt is an automation, infrastructure management, data-driven orchestration and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from a specially crafted git URL that could trigger the master process to execute arbitrary commands...
Denial Of Service (DoS)
salt is vulnerable to denial of serviceDoS attacks. A malicious user is able to perform MiTM attacks to force a minion process to stop by impersonating a master process, causing the application to crash...
GHSA-RF3M-MHV7-X39F Denial of Service in OpenShift Origin
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...
Siren Investigate 代码问题漏洞
Siren Investigate is a front-end to the Siren platform from Siren Ireland, allowing the creation of dashboards, charts, link analysis, alerts, etc. A code issue vulnerability exists in Siren Investigate that stems from the product's failure to properly handle the product's cluster functionality. ...
Arbitrary Directory Access
salt allows arbitrary directory access. The salt-master process in ClearFuncs class allows access to some methods that improperly sanitize paths and the methods allow authenticated users to access arbitrary directories...
PT-2018-4564 · Php +3 · Php +3
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 7.3.0alpha3 PHP versions prior to 7.2.8 PHP versions prior to 7.1.20 Description: An issue was discovered where the php-fpm master process restarts a child process in an endless loop when using program execution function...
Denial Of Service (DoS)
github.com/kubernetes/kubernetes is vulnerable to denial of service attacks. These attacks can be triggered by invalid JSON data. The invalid JSON data causes github.com/kubernetes/kubernetes to panic and cause a nil pointer dereference causing the master process to crash. This is related to...
ISC BIND Query Packet Cookie Option Denial of Service Vulnerability
ISC BIND is a set of open source software that implements the DNS protocol. BIND 9.10 provides native support for DNS cookies or user identification, a mechanism designed to protect the security of the query requestor and domain name servers when they interact. An attacker can maliciously constru...
Red Hat OpenShift Origin API Server Denial of Service Vulnerability
Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service crash of the master process with specially craft...
OpenShift: Malformed JSON can cause API process crash
It was found that improper error handling in the API server could cause the master process to crash. A user with network access to the master could use this flaw to crash the master process...
Dovecot: Busy master process, receiving a lot of SIGCHLD signals rapidly while logging, could die
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service master process outage by simultaneously disconnecting many 1 IMAP or 2 POP3 sessions...
Medium security hole in Varnish reverse proxy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20090908 Date: 26th September 2009 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: Varnish 2.0.4 http://www.varnish-cache.org/ Vendor:...
httpd scoreboard lack of PID protection
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...
httpd scoreboard lack of PID protection
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...
CVE-2007-3304
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...