Skip to main content
CVE-2013-6618 CRITICAL POC Act Now

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Juniper Information Disclosure Junos
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
8.6%
CVE-2013-6617 CRITICAL PATCH Act Now

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Salt
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2013-4437 CRITICAL PATCH Act Now

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Salt
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2013-4436 CRITICAL PATCH Act Now

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Salt
NVD
CVSS 2.0
9.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy