Vulnerabilities > Saltstack > Salt > 2015.8.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-20897 | Improper Resource Shutdown or Release vulnerability in Saltstack Salt Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. | 5.3 |
| 2023-09-05 | CVE-2023-20898 | Unspecified vulnerability in Saltstack Salt Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. | 7.8 |
| 2023-02-17 | CVE-2021-33226 | Classic Buffer Overflow vulnerability in Saltstack Salt Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. | 9.8 |
| 2022-06-23 | CVE-2022-22967 | Incorrect Authorization vulnerability in Saltstack Salt An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. | 8.8 |
| 2021-09-08 | CVE-2021-21996 | An issue was discovered in SaltStack Salt before 3003.3. | 7.5 |
| 2021-09-08 | CVE-2021-22004 | Race Condition vulnerability in multiple products An issue was discovered in SaltStack Salt before 3003.3. | 6.4 |
| 2021-03-03 | CVE-2021-25315 | Unspecified vulnerability in Saltstack Salt CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. | 7.8 |
| 2021-02-27 | CVE-2021-3197 | Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-3148 | Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt before 3002.5. | 9.8 |
| 2021-02-27 | CVE-2021-3144 | Insufficient Session Expiration vulnerability in multiple products In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. | 9.1 |