Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0037

Malware in sbrugna...

10CVSS6.1AI score0.03049EPSS
Exploits0References6
OSV
OSV
added 2025/06/13 9:30 a.m.5 views

GHSA-C46W-GR7F-JM2P Salt vulnerable to arbitrary event injection

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS7.5AI score0.00159EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/13 9:30 a.m.6 views

Salt vulnerable to arbitrary event injection

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS8.2AI score0.00159EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/06/13 7:15 a.m.10 views

CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/13 7:0 a.m.5 views

CVE-2025-22239 CVE-2025-22239 salt advisory

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS7.5AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.3 views

PT-2025-25394

Name of the Vulnerable Software and Affected Versions Salt Master affected versions not specified Description The issue allows arbitrary event injection on the Salt Master. An authorized minion can use the master's minion event method to send arbitrary events onto the master's event bus...

8.1CVSS7.3AI score0.00159EPSS
Exploits0References149
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.6 views

PT-2025-25396

Name of the Vulnerable Software and Affected Versions Salt Master affected versions not specified Description The issue arises when the VirtKey class is called upon requesting "on-demand pillar" data. It utilizes un-validated input to create paths to the "pki directory". This functionality is use...

5.6CVSS6.2AI score0.00166EPSS
Exploits0References147
Rows per page
Query Builder