Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
salt 2019 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-1010259
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: sp...
Saltstack Salt 2018 3.0
Saltstack Salt 2019 2.0
9.8
CVSSv3
CVE-2019-17361
In SaltStack Salt up to and including 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
7.8
CVSSv3
CVE-2019-18897
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local malicious users to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterpr...
Suse Linux Enterprise Server 12
Suse Linux Enterprise Server 15
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-9080
DomainMOD prior to 4.14.0 uses MD5 without a salt for password storage.
Domainmod Domainmod
5.9
CVSSv3
CVE-2019-12813
An issue exists in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint i...
Crossmatch Digital Persona U.are.u 4500 Firmware 24
1 Github repository
5.3
CVSSv3
CVE-2019-12737
UserHashedTableAuth in JetBrains Ktor framework prior to 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
Jetbrains Ktor 1.2.0
Jetbrains Ktor
7.5
CVSSv3
CVE-2019-3907
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
Identicard Premisys Id 3.1.190
7.2
CVSSv3
CVE-2019-0030
Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions before 5.0.3.
Juniper Advanced Threat Prevention Firmware
7.5
CVSSv3
CVE-2019-3916
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated malicious user to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
6.5
CVSSv3
CVE-2019-5615
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files a...
Rapid7 Insightvm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »