Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 59 results


CVE-2021-25282

Medium priority

Some fixes available 2 of 8

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages

CVE-2021-25281

Medium priority

Some fixes available 2 of 8

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages

CVE-2020-35662

Medium priority

Some fixes available 2 of 8

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages

CVE-2020-28972

Medium priority

Some fixes available 2 of 8

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages

CVE-2020-28243

Medium priority

Some fixes available 1 of 7

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on...

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Not affected
Show less packages

CVE-2020-25592

Medium priority

Some fixes available 2 of 8

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages

CVE-2020-17490

Medium priority

Some fixes available 2 of 8

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages

CVE-2020-16846

High priority

Some fixes available 2 of 8

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Needs evaluation Not in release Fixed Fixed
Show less packages

CVE-2020-11652

Medium priority

Some fixes available 3 of 4

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory...

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Fixed Fixed
Show less packages

CVE-2020-11651

Medium priority

Some fixes available 3 of 4

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods...

1 affected packages

salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
salt Not in release Not affected Not in release Fixed Fixed
Show less packages