Search CVE reports
31 – 40 of 80 results
CVE-2017-2295
Medium prioritySome fixes available 2 of 4
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would...
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | Not affected | Not affected | Not affected | Fixed |
CVE-2015-7331
Medium priorityThe mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |
CVE-2016-2786
Medium priorityThe pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary...
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |
CVE-2016-2785
Low priorityPuppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | Not affected |
CVE-2015-7328
Medium priorityPuppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and...
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | — |
CVE-2015-1029
Medium priorityThe puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
1 affected package
puppet-module-puppetlabs-stdlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet-module-puppetlabs-stdlib | — | — | — | Not affected | Not affected |
CVE-2014-9355
Medium priorityPuppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | — |
CVE-2014-3248
Low prioritySome fixes available 1 of 19
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby...
4 affected packages
facter, mcollective, puppet, ruby-hiera
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
facter | Not affected | Not affected | Not affected | Not affected | Not affected |
mcollective | Not affected | Not affected | Not affected | Not affected | Not affected |
puppet | Not in release | Not affected | Not affected | Not affected | Not affected |
ruby-hiera | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2013-4969
Low prioritySome fixes available 4 of 5
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | — |
CVE-2013-4965
Medium priorityPuppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.
1 affected package
puppet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet | — | — | — | — | — |