Search CVE reports


Toggle filters

21 – 30 of 80 results


CVE-2018-6508

Medium priority
Needs evaluation

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected...

3 affected packages

puppet-module-puppetlabs-apache, puppet-module-puppetlabs-apt, puppet-module-puppetlabs-mysql

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet-module-puppetlabs-apache Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
puppet-module-puppetlabs-apt Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
puppet-module-puppetlabs-mysql Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2017-10690

Medium priority
Not affected

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected
Show less packages

CVE-2017-10689

Medium priority

Some fixes available 2 of 3

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected Not affected Not affected Fixed
Show less packages

CVE-2015-7224

Medium priority
Not affected

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

1 affected package

puppet-module-puppetlabs-mysql

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet-module-puppetlabs-mysql
Show less packages

CVE-2015-4100

Medium priority
Not affected

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected
Show less packages

CVE-2014-3250

Low priority
Ignored

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected
Show less packages

CVE-2016-5713

Low priority
Ignored

Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected
Show less packages

CVE-2016-5714

Medium priority
Not affected

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected
Show less packages

CVE-2017-2299

Medium priority
Vulnerable

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be...

1 affected package

puppet-module-puppetlabs-apache

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet-module-puppetlabs-apache Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2017-2294

Low priority
Not affected

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected
Show less packages