CVE-2026-27473

SPIP before 4.4.9 allows Stored Cross-Site Scripting XSS via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

SPIP 安全漏洞

SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability, which was caused by improper cleaning of URLSYNDIC outputs on private joint site pages. This vulnerability could lead to storage-side cross-site...

EUVD-2024-2131

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-22231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directo...

Linux Distros Unpatched Vulnerability : CVE-2022-22941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user...

GHSA-Q27C-J6J9-53W3 Directory creation by malicious user in saltstack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

UBUNTU-CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231 Syndic cache directory creation is vulnerable to a directory traversal attack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231 Syndic cache directory creation is vulnerable to a directory traversal attack

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

CVE-2024-22231

Removed by vendor...

CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

openSUSE: Security Advisory for salt (SUSE-SU-2023:4387-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for salt (SUSE-SU-2023:3862-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:0508-1 Security update for salt

This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 Bugs fixed: - Ensur...

PT-2024-4384 · Salt +3 · Salt +3

Name of the Vulnerable Software and Affected Versions: Salt affected versions not specified Description: The issue is related to a directory traversal attack in the Salt project, specifically in the Syndic cache directory creation. This could allow a malicious attacker to create an arbitrary...

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:4390-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack bsc1215157 Bugs fixed: - Fix optimizationorder opt to...

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:2581-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2581-1 advisory. - Update to Salt release version 3006.0 jscPED-4361 See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - A...

SUSE SLES15: python3-salt / salt / salt-api / salt-bash-completion / salt-cloud / etc (SUSE-SU-2023:2572-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2572-1 advisory. - Update to Salt release version 3006.0 jscPED-4361 See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - A...

SUSE CVE-2022-22941

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user configured in the publisheracl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...