Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
saltstack salt 2016.11.3 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-25281
An issue exists in through SaltStack Salt prior to 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
Saltstack Salt
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
668
VMScore
CVE-2020-16846
An issue exists in SaltStack Salt up to and including 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
1 Article
668
VMScore
CVE-2017-14695
Directory traversal vulnerability in minion id validation in SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerabili...
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt
Saltstack Salt 2017.7.0
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.4
Saltstack Salt 2017.7.1
Saltstack Salt 2016.11.3
445
VMScore
CVE-2017-14696
SaltStack Salt prior to 2016.3.8, 2016.11.x prior to 2016.11.8, and 2017.7.x prior to 2017.7.2 allows remote malicious users to cause a denial of service via a crafted authentication request.
Saltstack Salt
Saltstack Salt 2016.11
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.2
Saltstack Salt 2017.7.0
Saltstack Salt 2016.11.4
Saltstack Salt 2016.11.5
Saltstack Salt 2016.11.6
Saltstack Salt 2016.11.7
Saltstack Salt 2016.11.3
Saltstack Salt 2017.7.1
187
VMScore
CVE-2017-8109
The salt-ssh minion code in SaltStack Salt 2016.11 prior to 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
Saltstack Salt 2016.11.2
Saltstack Salt 2016.11.0
Saltstack Salt 2016.11
Saltstack Salt 2016.11.1
Saltstack Salt 2016.11.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started