Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

853 matches found

AlpineLinux
AlpineLinuxadded 2021/02/27 12:0 a.m.36 views

CVE-2021-25283

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks...

9.8CVSS9.7AI score0.10038EPSS
Exploits0
AlpineLinux
AlpineLinuxadded 2021/02/27 12:0 a.m.32 views

CVE-2021-3144

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...

9.1CVSS9.6AI score0.05481EPSS
Exploits0
Debian CVE
Debian CVEadded 2021/02/27 12:0 a.m.17 views

CVE-2021-3148

Removed by vendor...

9.8CVSS9.2AI score0.07332EPSS
Exploits0
Debian CVE
Debian CVEadded 2021/02/27 12:0 a.m.19 views

CVE-2021-3144

Removed by vendor...

9.1CVSS9.2AI score0.05481EPSS
Exploits0
Debian CVE
Debian CVEadded 2021/02/27 12:0 a.m.36 views

CVE-2021-25282

Removed by vendor...

9.1CVSS9.2AI score0.91286EPSS
Exploits5
Debian CVE
Debian CVEadded 2021/02/27 12:0 a.m.22 views

CVE-2020-28243

Removed by vendor...

7.8CVSS8.7AI score0.01408EPSS
Exploits2
Cvelist
Cvelistadded 2021/02/27 12:0 a.m.19 views

CVE-2021-25282

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillarroots.write method is vulnerable to directory traversal...

9.5AI score0.91286EPSS
Exploits5References11
Cvelist
Cvelistadded 2021/02/27 12:0 a.m.18 views

CVE-2020-35662

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated...

8.4AI score0.0075EPSS
Exploits0References8
Debian CVE
Debian CVEadded 2021/02/27 12:0 a.m.19 views

CVE-2020-28972

Removed by vendor...

5.9CVSS7.7AI score0.00802EPSS
Exploits0
Debian CVE
Debian CVEadded 2021/02/27 12:0 a.m.23 views

CVE-2021-3197

Removed by vendor...

9.8CVSS9.2AI score0.09933EPSS
Exploits0
CVE
CVEadded 2021/02/27 12:0 a.m.270 views

CVE-2021-3197

SaltStack Salt before 3002.5 is vulnerable in the salt-api ssh client to a shell injection via ProxyCommand or via ssh_options provided in API requests. Affected component: salt-api SSH handling; root cause: improper handling of ProxyCommand/ssh_options inputs leading to command injection. Impact...

9.8CVSS9.3AI score0.09933EPSS
Exploits0References10Affected Software1
Cvelist
Cvelistadded 2021/02/27 12:0 a.m.18 views

CVE-2021-25284

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level...

7AI score0.0002EPSS
Exploits0References10
Cvelist
Cvelistadded 2021/02/27 12:0 a.m.17 views

CVE-2021-3144

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...

9.7AI score0.05481EPSS
Exploits0References9
CVE
CVEadded 2021/02/27 12:0 a.m.274 views

CVE-2021-25284

CVE-2021-25284 affects SaltStack Salt prior to 3002.5, where salt.modules.cmdmod can log credentials to info or error logs. Exploitation details are not provided in the sources, but multiple advisories confirm credential leakage via logging within cmdmod. Remediation across sources centers on upg...

4.4CVSS6.5AI score0.0002EPSS
Exploits0References10Affected Software1
CVE
CVEadded 2021/02/27 12:0 a.m.312 views

CVE-2021-25282

CVE-2021-25282 affects SaltStack Salt prior to 3002.5, where the salt.wheel.pillar_roots.write method is vulnerable to directory traversal in the Salt API wheelClient. This can allow writing to subdirectories via pillar_roots.write. Debian and Fedora advisories indicate patches and upgrades to Sa...

9.1CVSS9.1AI score0.91286EPSS
Exploits5References11Affected Software1
Cvelist
Cvelistadded 2021/02/27 12:0 a.m.12 views

CVE-2021-3148

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.genthin command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py...

9.8AI score0.07332EPSS
Exploits0References9
CVE
CVEadded 2021/02/27 12:0 a.m.240 views

CVE-2020-28972

SaltStack Salt CVE-2020-28972 : A vulnerability in Salt before 3002.5 allows authentication to VMware vcenter, vSphere, and ESXi servers via the vmware.py code paths without always validating SSL/TLS certificates. The issue stems from improper certificate validation in the SSL/TLS verification fl...

5.9CVSS7.3AI score0.00802EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVEadded 2021/02/27 12:0 a.m.30 views

CVE-2020-35662

Removed by vendor...

7.4CVSS8.5AI score0.0075EPSS
Exploits0
Debian CVE
Debian CVEadded 2021/02/27 12:0 a.m.32 views

CVE-2021-25284

Removed by vendor...

4.4CVSS7.3AI score0.0002EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2021/02/27 12:0 a.m.317 views

CVE-2021-25281

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master. Recent assessments: kevthehermit at February 26, 2021 5:08pm UTC reported: Vulnerability This...

9.8CVSS9.8AI score0.93846EPSS
Exploits6References9
Rows per page
Query Builder