Search CVE reports


31 – 40 of 80 results


CVE-2017-2295

Medium priority

Some fixes available 2 of 4

Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected Not affected Not affected Fixed

CVE-2015-7331

Medium priority
Not affected

The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected

CVE-2016-2786

Medium priority
Not affected

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected

CVE-2016-2785

Low priority
Not affected

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet Not affected

CVE-2015-7328

Medium priority
Not affected

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet

CVE-2015-1029

Medium priority
Ignored

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.

1 affected package

puppet-module-puppetlabs-stdlib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet-module-puppetlabs-stdlib Not affected Not affected

CVE-2014-9355

Medium priority
Not affected

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet

CVE-2014-3248

Low priority

Some fixes available 1 of 19

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby...

4 affected packages

facter, mcollective, puppet, ruby-hiera

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
facter Not affected Not affected Not affected Not affected Not affected
mcollective Not affected Not affected Not affected Not affected Not affected
puppet Not in release Not affected Not affected Not affected Not affected
ruby-hiera Not in release Not in release Not in release Not in release Not in release

CVE-2013-4969

Low priority

Some fixes available 4 of 5

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet

CVE-2013-4965

Medium priority
Ignored

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puppet