Vulnerabilities > Saltstack > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2021-33226 | Classic Buffer Overflow vulnerability in Saltstack Salt Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. | 9.8 |
| 2021-02-27 | CVE-2021-25281 | Improper Authentication vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-25282 | Path Traversal vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.1 |
| 2021-02-27 | CVE-2021-25283 | Code Injection vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-3144 | Insufficient Session Expiration vulnerability in multiple products In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. | 9.1 |
| 2021-02-27 | CVE-2021-3148 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-3197 | Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2020-11-06 | CVE-2020-16846 | OS Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt through 3002. | 9.8 |
| 2020-11-06 | CVE-2020-25592 | Improper Authentication vulnerability in multiple products In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. | 9.8 |
| 2020-01-17 | CVE-2019-17361 | Command Injection vulnerability in multiple products In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. | 9.8 |