Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2014-3563
Multiple unspecified vulnerabilities in Salt (aka SaltStack) prior to 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
Saltstack Salt
534
VMScore
CVE-2013-4435
Salt (aka SaltStack) 0.15.0 up to and including 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
Saltstack Salt 0.15.0
Saltstack Salt 0.15.1
Saltstack Salt 0.17.0
Saltstack Salt 0.16.0
Saltstack Salt 0.16.3
Saltstack Salt 0.16.2
Saltstack Salt 0.16.4
828
VMScore
CVE-2013-4436
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote malicious users to have unspecified impact via a man-in-the-middle (MITM) attack.
Saltstack Salt 0.17.0
436
VMScore
CVE-2013-4439
Salt (aka SaltStack) prior to 0.15.0 up to and including 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
Saltstack Salt 0.15.0
Saltstack Salt 0.15.1
Saltstack Salt 0.16.0
Saltstack Salt 0.16.2
Saltstack Salt 0.16.3
Saltstack Salt 0.16.4
Saltstack Salt 0.17.0
890
VMScore
CVE-2013-4437
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
Saltstack Salt 0.17.0
668
VMScore
CVE-2013-4438
Salt (aka SaltStack) prior to 0.17.1 allows remote malicious users to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
Saltstack Salt 0.16.4
Saltstack Salt 0.16.3
Saltstack Salt 0.16.2
Saltstack Salt 0.16.0
Saltstack Salt 0.9.8
Saltstack Salt 0.9.7
Saltstack Salt 0.9.6
Saltstack Salt 0.9.5
Saltstack Salt 0.9.4
Saltstack Salt 0.12.0
Saltstack Salt 0.11.0
Saltstack Salt 0.10.5
Saltstack Salt 0.10.4
Saltstack Salt 0.8.8
Saltstack Salt 0.8.7
Saltstack Salt 0.8.0
Saltstack Salt 0.7.0
Saltstack Salt 0.15.0
Saltstack Salt 0.13.0
Saltstack Salt 0.10.3
Saltstack Salt 0.10.0
Saltstack Salt 0.9.3
890
VMScore
CVE-2013-6617
The salt master in Salt (aka SaltStack) 0.11.0 up to and including 0.17.0 does not properly drop group privileges, which makes it easier for remote malicious users to gain privileges.
Saltstack Salt 0.16.2
Saltstack Salt 0.16.3
Saltstack Salt 0.16.4
Saltstack Salt 0.17.0
Saltstack Salt 0.14.0
Saltstack Salt 0.15.1
Saltstack Salt 0.11.0
Saltstack Salt 0.13.0
Saltstack Salt 0.15.0
Saltstack Salt 0.16.0
Saltstack Salt 0.12.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6