Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolve...
Puppet Mcollective-puppet-agent 1.12.0
445
VMScore
CVE-2016-2787
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x prior to 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Puppetlabs Puppet Enterprise 2015.3
Puppet Puppet Enterprise 2015.3.2
445
VMScore
CVE-2016-9686
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2016.5.1
516
VMScore
CVE-2015-6501
Open redirect vulnerability in the Console in Puppet Enterprise prior to 2015.2.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
Puppet Puppet Enterprise
516
VMScore
CVE-2016-5715
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: thi...
Puppet Puppet Enterprise
668
VMScore
CVE-2016-2786
The pxp-agent component in Puppet Enterprise 2015.3.x prior to 2015.3.3 and Puppet Agent 1.3.x prior to 1.3.6 does not properly validate server certificates, which might allow remote malicious users to spoof brokers and execute arbitrary commands via a crafted certificate.
Puppet Puppet Agent 1.3.0
Puppet Puppet Agent 1.3.1
Puppet Puppet Agent 1.3.2
Puppet Puppet Agent 1.3.4
Puppet Puppet Agent 1.3.5
Puppet Puppet Enterprise 2015.3.0
Puppet Puppet Enterprise 2015.3.2
578
VMScore
CVE-2015-7330
Puppet Enterprise 2015.3 prior to 2015.3.1 allows remote malicious users to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
Puppet Puppet Enterprise 2015.3.0
169
VMScore
CVE-2015-7328
Puppet Server in Puppet Enterprise prior to 3.8.x prior to 3.8.3 and 2015.2.x prior to 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to ...
Puppet Puppet Enterprise 3.8.0
Puppet Puppet Enterprise 3.8.1
Puppet Puppet Enterprise 3.8.2
Puppet Puppet Enterprise 2015.2.0
Puppet Puppet Enterprise 2015.2.1
Puppet Puppet Enterprise 2015.2.2
356
VMScore
CVE-2014-9355
Puppet Enterprise prior to 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
Puppet Puppet Enterprise
552
VMScore
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppet Facter 2.0.0
Puppet Facter 2.0.1
Puppetlabs Facter
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet Enterprise
Puppet Puppet
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »