Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet enterprise vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-2787
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x prior to 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Puppetlabs Puppet Enterprise 2015.3
Puppet Puppet Enterprise 2015.3.2
445
VMScore
CVE-2016-9686
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2016.5.1
516
VMScore
CVE-2016-5715
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: thi...
Puppet Puppet Enterprise
516
VMScore
CVE-2015-6501
Open redirect vulnerability in the Console in Puppet Enterprise prior to 2015.2.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
Puppet Puppet Enterprise
668
VMScore
CVE-2016-2786
The pxp-agent component in Puppet Enterprise 2015.3.x prior to 2015.3.3 and Puppet Agent 1.3.x prior to 1.3.6 does not properly validate server certificates, which might allow remote malicious users to spoof brokers and execute arbitrary commands via a crafted certificate.
Puppet Puppet Agent 1.3.0
Puppet Puppet Agent 1.3.1
Puppet Puppet Agent 1.3.2
Puppet Puppet Agent 1.3.4
Puppet Puppet Agent 1.3.5
Puppet Puppet Enterprise 2015.3.0
Puppet Puppet Enterprise 2015.3.2
578
VMScore
CVE-2015-7330
Puppet Enterprise 2015.3 prior to 2015.3.1 allows remote malicious users to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
Puppet Puppet Enterprise 2015.3.0
169
VMScore
CVE-2015-7328
Puppet Server in Puppet Enterprise prior to 3.8.x prior to 3.8.3 and 2015.2.x prior to 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to ...
Puppet Puppet Enterprise 2015.2.0
Puppet Puppet Enterprise 2015.2.2
Puppet Puppet Enterprise 2015.2.1
Puppet Puppet Enterprise 3.8.2
Puppet Puppet Enterprise 3.8.0
Puppet Puppet Enterprise 3.8.1
356
VMScore
CVE-2014-9355
Puppet Enterprise prior to 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
Puppet Puppet Enterprise
552
VMScore
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppetlabs Facter
Puppet Facter 2.0.1
Puppet Facter 2.0.0
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet
Puppet Puppet Enterprise
392
VMScore
CVE-2014-3251
The MCollective aes_security plugin, as used in Puppet Enterprise prior to 3.3.0 and Mcollective prior to 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecif...
Puppet Puppet Enterprise
Puppetlabs Mcollective -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »