CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

853 matches found

Prion•added 2017/09/26 2:29 p.m.•20 views

Command injection

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

9CVSS8.7AI score0.0097EPSS

Exploits0References3Affected Software1

OSV•added 2017/09/26 2:29 p.m.•27 views

PYSEC-2017-39

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

9CVSS5.5AI score0.0097EPSS

Exploits0References3

OSV•added 2017/09/26 2:29 p.m.•0 views

UBUNTU-CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled...

8.8CVSS7.6AI score0.0097EPSS

Exploits0References2

Debian CVE•added 2017/09/26 2:0 p.m.•17 views

CVE-2017-5192

Removed by vendor...

8.8CVSS8.7AI score0.0048EPSS

Exploits0

AlpineLinux•added 2017/09/26 2:0 p.m.•39 views

CVE-2017-5192

When using the localbatch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed...

8.8CVSS8.8AI score0.0048EPSS

Exploits0

CVE•added 2017/09/26 2:0 p.m.•95 views

CVE-2017-5200

CVE-2017-5200 affects SaltStack Salt’s Salt-api via ssh_client, enabling arbitrary command execution on the salt-master. Affected versions include Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2. Mitigation: apply the fixed releases (e.g., Salt 2015.8.13, 2016.3.5,...

9CVSS8.6AI score0.0097EPSS

Exploits0References3Affected Software1

Cvelist•added 2017/09/26 2:0 p.m.•16 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

8.8AI score0.0097EPSS

Exploits0References3

CVE•added 2017/09/26 2:0 p.m.•86 views

CVE-2017-5192

CVE-2017-5192 affects SaltStack Salt where the local_batch client from salt-api does not respect external_auth in certain old branches (Salt before 2015.8.13; 2016.3.x before 2016.3.5; 2016.11.x before 2016.11.2). This enables authentication bypass of remote callers using the local_batch interfac...

8.8CVSS8.5AI score0.0048EPSS

Exploits0References3Affected Software1

Debian CVE•added 2017/09/26 2:0 p.m.•26 views

CVE-2017-5200

Removed by vendor...

9CVSS8.7AI score0.0097EPSS

Exploits0

AlpineLinux•added 2017/09/26 2:0 p.m.•42 views

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

9CVSS8.8AI score0.0097EPSS

Exploits0

Cvelist•added 2017/09/26 2:0 p.m.•16 views

CVE-2017-5192

8.7AI score0.0048EPSS

Exploits0References3

CNVD•added 2017/08/29 12:0 a.m.•1 views

Salt has an unspecified vulnerability

Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management , remote execution and other functions , able to manage tens of thousands of servers , with the ability to quickly complete the data...

7.5CVSS7.6AI score0.00158EPSS

Exploits0References1

ATTACKERKB•added 2017/08/23 2:29 p.m.•4 views

CVE-2017-12791

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...

9.8CVSS5.6AI score0.00924EPSS

Exploits0References7

OSV•added 2017/08/23 2:29 p.m.•1 views

PYSEC-2017-151

9.8CVSS7AI score0.00924EPSS

Exploits0References6