CVE-2021-25315

HIGH Year: 2021
CVSS v3 Score
7.8
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions.

Related Vulnerabilities

CVE-2011-4338

HIGH
CVSS:7.8(High)

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact th...

CWE-2872011

CVE-2013-5582

HIGH
CVSS:7.8(High)

Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extr...

CWE-2872013

CVE-2014-1867

HIGH
CVSS:7.8(High)

suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution

CWE-2872014

CVE-2014-8347

HIGH
CVSS:7.8(High)

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevate...

CWE-2872014

CVE-2014-9952

HIGH
CVSS:7.8(High)

In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.

CWE-2872014

CVE-2015-8308

HIGH
CVSS:7.8(High)

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

CWE-2872015