Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enterprise vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2013-4957
The dashboard report in Puppet Enterprise prior to 3.0.1 allows malicious users to execute arbitrary YAML code via a crafted report-specific type.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.1
614
VMScore
CVE-2013-4958
Puppet Enterprise prior to 3.0.1 does not use a session timeout, which makes it easier for malicious users to gain privileges by leveraging an unattended workstation.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
187
VMScore
CVE-2013-4959
Puppet Enterprise prior to 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
445
VMScore
CVE-2013-4961
Puppet Enterprise prior to 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote malicious users to obtain sensitive information.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
516
VMScore
CVE-2013-4962
The reset password page in Puppet Enterprise prior to 3.0.1 does not force entry of the current password, which allows malicious users to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
445
VMScore
CVE-2013-4964
Puppet Enterprise prior to 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
445
VMScore
CVE-2013-4967
Puppet Enterprise prior to 3.0.1 allows remote malicious users to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
231
VMScore
CVE-2010-5143
McAfee VirusScan Enterprise prior to 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.
Mcafee Virusscan Enterprise 8.7.00004
Mcafee Virusscan Enterprise
Mcafee Virusscan Enterprise 8.5i
Mcafee Virusscan Enterprise 8.0i
Mcafee Virusscan Enterprise 8.7i
Mcafee Virusscan Enterprise 8.7.00003
Mcafee Virusscan Enterprise 8.6.0
605
VMScore
CVE-2017-10424
Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Supported versions that are affected are 3.2.8.2223 and previous versions, 3.3.4.3247 and previous versions and 3.4.2.4181 and previous versions. Easily exploitable vulnerabil...
Oracle Mysql Enterprise Monitor 3.2.6
Oracle Mysql Enterprise Monitor 3.2.7
Oracle Mysql Enterprise Monitor 3.2.2
Oracle Mysql Enterprise Monitor 3.2.3
Oracle Mysql Enterprise Monitor 3.2.0
Oracle Mysql Enterprise Monitor 3.2.1
Oracle Mysql Enterprise Monitor 3.2.8
Oracle Mysql Enterprise Monitor 3.2.8.2223
Oracle Mysql Enterprise Monitor 3.2.4
Oracle Mysql Enterprise Monitor 3.2.5
Oracle Mysql Enterprise Monitor 3.3.4
Oracle Mysql Enterprise Monitor 3.3.4.3247
Oracle Mysql Enterprise Monitor 3.3.0
Oracle Mysql Enterprise Monitor 3.3.1
Oracle Mysql Enterprise Monitor 3.3.2
Oracle Mysql Enterprise Monitor 3.3.3
Oracle Mysql Enterprise Monitor 3.4.1
Oracle Mysql Enterprise Monitor 3.4.2
Oracle Mysql Enterprise Monitor 3.4.0
Oracle Mysql Enterprise Monitor 3.4.2.4181
578
VMScore
CVE-2020-9523
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version before 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an malicious user to transmit hashed credentials for the u...
Microfocus Enterprise Developer 4.0
Microfocus Enterprise Developer 5.0
Microfocus Enterprise Developer
Microfocus Enterprise Server 4.0
Microfocus Enterprise Server 5.0
Microfocus Enterprise Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »