104 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via...
Linux Distros Unpatched Vulnerability : CVE-2021-3197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, ...
Linux Distros Unpatched Vulnerability : CVE-2019-17361
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker...
Linux Distros Unpatched Vulnerability : CVE-2021-25281
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can...
SUSE SLES15 Security Update : salt (SUSE-SU-2024:0507-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0507-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : salt (SUSE-SU-2024:0510-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0510-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application'...
SUSE SLES15 Security Update : salt (SUSE-SU-2024:0506-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0506-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...
SUSE SLES15 Security Update : salt (SUSE-SU-2023:4390-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has not tested for this issue but has...
Ubuntu 16.04 ESM : Salt vulnerabilities (USN-4769-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4769-1 advisory. It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this vulnerability to...
SUSE SLES15 Security Update : salt (SUSE-SU-2023:2572-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2572-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Salt (SUSE-SU-2023:2571-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2571-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
SUSE: Security Advisory (SUSE-SU-2023:2572-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : salt (SUSE-SU-2023:2581-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2581-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...
SUSE CVE-2017-5192
When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed...
SUSE CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server...
SUSE CVE-2018-15751
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-apinetapi...
SUSE CVE-2019-17361
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...
SUSE CVE-2020-16846
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...
SUSE CVE-2021-3148
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.genthin command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py...
SUSE CVE-2021-3197
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...