40 matches found
CVE-2026-27473
SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...
SPIP security vulnerability
SPIP is open-source software, created by SPIP, for building websites. Versions of SPIP prior to 4.4.9 contain a security vulnerability caused by improper sanitization of URLSYNDIC output on private syndicated site pages. This vulnerability could lead to stored cross-site...
EUVD-2024-2131
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-22231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directo...
Linux Distros Unpatched Vulnerability : CVE-2022-22941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user...
GHSA-Q27C-J6J9-53W3 Directory creation by malicious user in saltstack
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...
CVE-2024-22231
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...
UBUNTU-CVE-2024-22231
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...
CVE-2024-22231 Syndic cache directory creation is vulnerable to a directory traversal attack
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...
CVE-2024-22231
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...
CVE-2024-22231 Syndic cache directory creation is vulnerable to a directory traversal attack
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...
CVE-2024-22231
Removed by vendor...
openSUSE: Security Advisory for salt (SUSE-SU-2023:4387-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for salt (SUSE-SU-2023:3862-1)
The remote host is missing an update for the...
SUSE-SU-2024:0508-1 Security update for salt
This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430) - CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431) Bugs fixed: - Ensur...
PT-2024-4384 · Salt +3
Name of the Vulnerable Software and Affected Versions: Salt (affected versions not specified). Description: The issue is related to a directory traversal attack in the Salt project, specifically in the Syndic cache directory creation. This could allow a malicious attacker to create an arbitrary...
SUSE SLES15 Security Update : salt (SUSE-SU-2023:4390-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has not tested for this issue but has...
SUSE SLES15 Security Update : salt (SUSE-SU-2023:2572-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2572-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SUSE SLES15 Security Update : salt (SUSE-SU-2023:2581-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2581-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SUSE CVE-2022-22941
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid,...