| CVE-2013-6617 |
critical |
— |
10.0 |
|
|
|
13y ago |
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. |
| CVE-2013-4437 |
critical |
— |
10.0 |
|
|
|
13y ago |
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." |
| CVE-2017-14695 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials … |
| CVE-2017-12791 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master … |
| CVE-2015-6941 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. |
| CVE-2013-4436 |
critical |
— |
9.3 |
|
|
|
13y ago |
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle … |
| CVE-2016-9639 |
critical |
9.1 |
9.1 |
|
|
|
9y ago |
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. |
| CVE-2015-8034 |
low |
3.3 |
3.3 |
|
|
|
4y ago |
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. |
