| CVE-2013-6617 |
critical |
— |
10.0 |
|
|
|
13y ago |
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. |
| CVE-2013-4437 |
critical |
— |
10.0 |
|
|
|
13y ago |
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." |
| CVE-2017-14695 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials … |
| CVE-2017-12791 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master … |
| CVE-2015-6941 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. |
| CVE-2013-4436 |
critical |
— |
9.3 |
|
|
|
13y ago |
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle … |
| CVE-2016-9639 |
critical |
9.1 |
9.1 |
|
|
|
9y ago |
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. |
| CVE-2017-5200 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. |
| CVE-2017-5192 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all au… |
| CVE-2016-1866 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master dat… |
| CVE-2017-8109 |
high |
7.8 |
7.8 |
|
|
|
9y ago |
The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on co… |
| CVE-2017-14696 |
high |
7.5 |
7.5 |
|
|
|
4y ago |
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. |
| CVE-2015-4017 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. |
| CVE-2013-4438 |
high |
— |
7.5 |
|
|
|
13y ago |
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to … |
| CVE-2014-3563 |
high |
— |
7.2 |
|
|
|
12y ago |
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-s… |
