Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise 2.5.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4962
The reset password page in Puppet Enterprise prior to 3.0.1 does not force entry of the current password, which allows malicious users to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise
NA
CVE-2013-4964
Puppet Enterprise prior to 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise
NA
CVE-2013-4967
Puppet Enterprise prior to 3.0.1 allows remote malicious users to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise
NA
CVE-2013-3567
Puppet 2.7.x prior to 2.7.22 and 3.2.x prior to 3.2.2, and Puppet Enterprise prior to 2.8.2, deserializes untrusted YAML, which allows remote malicious users to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 3.2.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.19
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Puppet Puppet 2.7.18
Puppet Puppet 2.7.21
Puppet Puppet 3.2.1
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Desktop 11.0
Novell Suse Linux Enterprise Desktop 11
1 Article
NA
CVE-2013-2716
Puppet Labs Puppet Enterprise prior to 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote malicious users to obtain console access via a crafted cookie.
Puppetlabs Puppet 2.5.0
Puppetlabs Puppet 1.2.0
Puppetlabs Puppet 2.6.0
Puppetlabs Puppet 1.0.0
Puppetlabs Puppet 1.1.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise
NA
CVE-2012-1989
telnet.rb in Puppet 2.7.x prior to 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.0.1
Puppet Puppet Enterprise 2.0.2
Puppet Puppet Enterprise 1.2.1
Puppet Puppet Enterprise 1.2.2
Puppet Puppet Enterprise 1.2.3
Puppet Puppet Enterprise 1.2.4
Puppet Puppet Enterprise 2.5.0
NA
CVE-2012-1906
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or i...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
NA
CVE-2012-1986
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlin...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
NA
CVE-2012-1987
Unspecified vulnerability in Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
NA
CVE-2012-1988
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by crea...
Puppet Puppet
Puppet Puppet Enterprise 1.0
Puppet Puppet Enterprise 1.1
Puppet Puppet Enterprise
Fedoraproject Fedora 17
Fedoraproject Fedora 16
Fedoraproject Fedora 15
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 10.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2