Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salt 2019 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-9080
DomainMOD prior to 4.14.0 uses MD5 without a salt for password storage.
Domainmod Domainmod
7.2
CVSSv2
CVE-2019-18897
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local malicious users to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterpr...
Suse Linux Enterprise Server 12
Suse Linux Enterprise Server 15
Opensuse Leap 15.1
6.8
CVSSv2
CVE-2019-17361
In SaltStack Salt up to and including 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
4.3
CVSSv2
CVE-2019-15802
An issue exists on Zyxel GS1900 devices with firmware prior to 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all pa...
Zyxel Gs1900-8 Firmware
Zyxel Gs1900-8hp Firmware
Zyxel Gs1900-10hp Firmware
Zyxel Gs1900-16 Firmware
Zyxel Gs1900-24e Firmware
Zyxel Gs1900-24 Firmware
Zyxel Gs1900-24hp Firmware
Zyxel Gs1900-48 Firmware
Zyxel Gs1900-48hp Firmware
2 Github repositories
5
CVSSv2
CVE-2019-12737
UserHashedTableAuth in JetBrains Ktor framework prior to 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
Jetbrains Ktor 1.2.0
Jetbrains Ktor
7.5
CVSSv2
CVE-2019-1010259
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: sp...
Saltstack Salt 2018 3.0
Saltstack Salt 2019 2.0
4.3
CVSSv2
CVE-2019-12813
An issue exists in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint i...
Crossmatch Digital Persona U.are.u 4500 Firmware 24
1 Github repository
5
CVSSv2
CVE-2019-3916
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated malicious user to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
3.5
CVSSv2
CVE-2019-5615
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files a...
Rapid7 Insightvm
5
CVSSv2
CVE-2019-3907
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
Identicard Premisys Id 3.1.190
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »