Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-2787
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x prior to 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Puppetlabs Puppet Enterprise 2015.3
Puppet Puppet Enterprise 2015.3.2
445
VMScore
CVE-2016-9686
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2016.5.1
445
VMScore
CVE-2014-3249
Puppet Enterprise 2.8.x prior to 2.8.7 allows remote malicious users to obtain sensitive information via vectors involving hiding and unhiding nodes.
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.4
Puppet Puppet Enterprise 2.8.5
Puppet Puppet Enterprise 2.8.6
Puppet Puppet Enterprise 2.8.0
445
VMScore
CVE-2013-4971
Puppet Enterprise prior to 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Puppet Puppet Enterprise 3.0.1
Puppet Puppet Enterprise 3.0.0
Puppet Puppet Enterprise 3.1.0
Puppet Puppet Enterprise
445
VMScore
CVE-2013-4965
Puppet Enterprise prior to 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote malicious users to bypass intended access restrictions via a brute-force attack.
Puppet Puppet Enterprise 3.0.0
Puppet Puppet Enterprise
445
VMScore
CVE-2013-4961
Puppet Enterprise prior to 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote malicious users to obtain sensitive information.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise
445
VMScore
CVE-2013-4964
Puppet Enterprise prior to 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise
445
VMScore
CVE-2013-4967
Puppet Enterprise prior to 3.0.1 allows remote malicious users to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise
445
VMScore
CVE-2013-2716
Puppet Labs Puppet Enterprise prior to 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote malicious users to obtain console access via a crafted cookie.
Puppetlabs Puppet 2.5.0
Puppetlabs Puppet 1.2.0
Puppetlabs Puppet 2.6.0
Puppetlabs Puppet 1.0.0
Puppetlabs Puppet 1.1.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise
445
VMScore
CVE-2013-1654
Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, and Puppet Enterprise 2.7.x prior to 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote malicious users to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified...
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.19
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Puppet Puppet 2.7.18
Puppet Puppet Enterprise 3.1.0
Canonical Ubuntu Linux 11.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »