Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt 2016.11.3 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-25281
An issue exists in through SaltStack Salt prior to 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
7.5
CVSSv2
CVE-2020-16846
An issue exists in SaltStack Salt up to and including 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
1 Article
7.5
CVSSv2
CVE-2017-14695
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerabili...
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt 2016.11.3
Saltstack Salt 2017.7.0
Saltstack Salt 2017.7.1
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.4
Saltstack Salt
5
CVSSv2
CVE-2017-14696
SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote malicious users to cause a denial of service via a crafted authentication request.
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt 2016.11.3
Saltstack Salt 2017.7.0
Saltstack Salt 2017.7.1
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.4
Saltstack Salt
2.1
CVSSv2
CVE-2017-8109
The salt-ssh minion code in SaltStack Salt 2016.11 prior to 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt 2016.11.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started