It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. (CVE-2020-16846) It was discovered that Salt incorrectly created certificates with weak file permissions. (CVE-2020-17490) It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to bypass authentication. (CVE-2020-25592) It was discovered that Salt incorrectly handled crafted process names. An attacker could possibly use this issue to run arbitrary commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243) It was discovered that Salt incorrectly handled validation of SSL/TLS certificates. A remote attacker could possibly use this issue to spoof a trusted entity. (CVE-2020-28972, CVE-2020-35662) It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to run arbitrary code. (CVE-2021-25281) It was discovered that Salt incorrectly handled crafted paths. A remote attacker could possibly use this issue to perform directory traversal. (CVE-2021-25282) It was discovered that Salt incorrectly handled template rendering. A remote attacker could possibly this issue to run arbitrary code. (CVE-2021-25283) It was discovered that Salt incorrectly handled logging. An attacker could possibly use this issue to discover credentials. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-25284) It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3148) It was discovered that Salt incorrectly handled input sanitization. A remote attacker could possibly use this issue to run arbitrary commands. (CVE-2021-3197)
Continue reading...
Continue reading...
