Several vulnerabilities were discovered in salt-common, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of salt-common SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the salt-common API using the SSH client.