Vulnerabilities > Saltstack > Salt > 2018.3.5

DATE CVE VULNERABILITY TITLE RISK
2020-11-06 CVE-2020-16846 OS Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt through 3002.
network
low complexity
saltstack debian fedoraproject opensuse CWE-78
critical
 9.8
9.8
2020-04-30 CVE-2020-11652 Path Traversal vulnerability in multiple products
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. 		6.5
6.5
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
critical
 9.8
9.8
2020-01-17 CVE-2019-17361 Command Injection vulnerability in multiple products
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection.
network
low complexity
saltstack debian opensuse canonical CWE-77
critical
 9.8
9.8