Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salt 2018 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-1010259
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: sp...
Saltstack Salt 2018 3.0
Saltstack Salt 2019 2.0
5.3
CVSSv3
CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allows remote malicious users to determine which files exist on the server.
Saltstack Salt
9.8
CVSSv3
CVE-2018-15751
SaltStack Salt prior to 2017.7.8 and 2018.3.x prior to 2018.3.3 allow remote malicious users to bypass authentication and execute arbitrary commands via salt-api(netapi).
Saltstack Salt
7.5
CVSSv3
CVE-2018-14647
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's inte...
Python Python
Python Python 3.7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
9.8
CVSSv3
CVE-2018-15681
An issue exists in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully s...
Btiteam Xbtit 2.5.4
7.8
CVSSv3
CVE-2018-6619
Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for malicious users to crack database passwords by leveraging use of a weak hashing algorithm without a salt.
Ehcp Easy Hosting Control Panel 0.37.12.b
7.8
CVSSv3
CVE-2018-9233
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for malicious users to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow...
Sophos Endpoint Protection 10.7
1 EDB exploit
8.1
CVSSv3
CVE-2018-1447
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer shou...
Ibm Spectrum Protect For Virtual Environments
Ibm Spectrum Protect For Space Management
Ibm Spectrum Protect Snapshot
3.3
CVSSv3
CVE-2018-5552
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".
Docutracinc Dtisqlinstaller
9.8
CVSSv3
CVE-2017-1000158
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
Python Python
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started