Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet agent vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2016-5714
Puppet Enterprise 2015.3.3 and 2016.x prior to 2016.4.0, and Puppet Agent 1.3.6 up to and including 1.7.0 allow remote malicious users to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "P...
Puppet Puppet Enterprise 2015.3.3
Puppet Puppet Enterprise 2016.1.1
Puppet Puppet Enterprise 2016.1.2
Puppet Puppet Enterprise 2016.2.0
Puppet Puppet Enterprise 2016.2.1
Puppet Puppet Agent
9
CVSSv2
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolve...
Puppet Mcollective-puppet-agent 1.12.0
4.9
CVSSv2
CVE-2015-7331
The mcollective-puppet-agent plugin prior to 1.11.1 for Puppet allows remote malicious users to execute arbitrary code via vectors involving the --server argument.
Puppetlabs Mcollective-puppet-agent
7.5
CVSSv2
CVE-2016-2786
The pxp-agent component in Puppet Enterprise 2015.3.x prior to 2015.3.3 and Puppet Agent 1.3.x prior to 1.3.6 does not properly validate server certificates, which might allow remote malicious users to spoof brokers and execute arbitrary commands via a crafted certificate.
Puppet Puppet Agent 1.3.0
Puppet Puppet Agent 1.3.1
Puppet Puppet Agent 1.3.2
Puppet Puppet Agent 1.3.4
Puppet Puppet Agent 1.3.5
Puppet Puppet Enterprise 2015.3.0
Puppet Puppet Enterprise 2015.3.2
7.5
CVSSv2
CVE-2016-2785
Puppet Server prior to 2.3.2 and Ruby puppetmaster in Puppet 4.x prior to 4.4.2 and in Puppet Agent prior to 1.4.2 might allow remote malicious users to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Puppet Puppet 4.0.0
Puppet Puppet 4.1.0
Puppet Puppet 4.2.0
Puppet Puppet 4.2.1
Puppet Puppet 4.2.2
Puppet Puppet 4.2.3
Puppet Puppet 4.3.0
Puppet Puppet 4.3.1
Puppet Puppet 4.3.2
Puppet Puppet 4.4.0
Puppet Puppet 4.4.1
Puppet Puppet Server 2.0.0
Puppet Puppet Server 2.1.0
Puppet Puppet Server 2.1.1
Puppet Puppet Server 2.1.2
Puppet Puppet Server 2.2.0
Puppet Puppet Server 2.3.0
Puppet Puppet Server 2.3.1
Puppet Puppet Agent 1.4.1
6.5
CVSSv2
CVE-2013-2274
Puppet 2.6.x prior to 2.6.18 and Puppet Enterprise 1.2.x prior to 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
Puppet Puppet 2.6.14
Puppet Puppet 2.6.12
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppet Puppet 2.6.0
Puppet Puppet 2.6.15
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.6.17
Puppet Puppet 2.6.16
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.13
Puppet Puppet 2.6.9
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet Enterprise 1.2.0
4
CVSSv2
CVE-2013-2275
The default configuration for puppet masters 0.25.0 and later in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspeci...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.15
Puppet Puppet 2.6.16
Puppet Puppet 2.6.14
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppetlabs Puppet
Puppet Puppet 2.6.12
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.8
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.11
Puppet Puppet 2.6.7
Puppet Puppet 2.6.5
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.9
Puppet Puppet 2.7.4
9
CVSSv2
CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users to execute arbitrary code via a craf...
Puppet Puppet
Puppet Puppet 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.7.0
Puppet Puppet Enterprise 2.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
4.9
CVSSv2
CVE-2013-1652
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspe...
Puppetlabs Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.13
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.9
Puppet Puppet 2.7.3
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.16
Puppet Puppet 2.7.2
Puppet Puppet 2.7.4
Puppet Puppet 2.7.12
Puppet Puppet Enterprise 3.1.0
7.1
CVSSv2
CVE-2013-1653
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authentica...
Puppet Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.9
Puppet Puppet 2.7.17
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.10
Puppet Puppet 2.7.16
Puppet Puppet 2.7.18
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppetlabs Puppet 2.7.20
Puppet Puppet Enterprise 3.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »