Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2015-7328
Puppet Server in Puppet Enterprise prior to 3.8.x prior to 3.8.3 and 2015.2.x prior to 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to ...
Puppet Puppet Enterprise 2015.2.0
Puppet Puppet Enterprise 2015.2.2
Puppet Puppet Enterprise 2015.2.1
Puppet Puppet Enterprise 3.8.2
Puppet Puppet Enterprise 3.8.0
Puppet Puppet Enterprise 3.8.1
2.1
CVSSv2
CVE-2015-1426
Puppet Labs Facter 1.6.0 up to and including 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Puppet Facter 1.6.0
Puppetlabs Facter 1.6.5
Puppet Facter 1.6.6
Puppetlabs Facter 1.6.6
Puppet Facter 1.6.7
Puppet Facter 1.6.13
Puppetlabs Facter 1.6.13
Puppet Facter 1.6.14
Puppetlabs Facter 1.6.14
Puppetlabs Facter 1.7.2
Puppet Facter 1.7.3
Puppetlabs Facter 1.7.3
Puppet Facter 1.7.4
Puppetlabs Facter 2.0.1
Puppet Facter 2.0.2
Puppet Facter 2.1.0
Puppetlabs Facter 1.6.1
Puppet Facter 1.6.2
Puppetlabs Facter 1.6.2
Puppet Facter 1.6.3
Puppetlabs Facter 1.6.9
Puppet Facter 1.6.10
6.5
CVSSv2
CVE-2015-1029
The puppetlabs-stdlib module 2.1 up to and including 3.0 and 4.1.0 up to and including 4.5.x prior to 4.5.1 for Puppet 2.8.8 and previous versions allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
Puppet Stdlib 4.5.0
Puppet Stdlib 2.3.3
Puppet Stdlib 2.3.2
Puppet Stdlib 2.3.1
Puppet Stdlib 2.3.0
Puppet Stdlib 2.2.1
Puppet Stdlib 4.2.2
Puppet Stdlib 4.2.1
Puppet Stdlib 4.2.0
Puppet Stdlib 4.1.0
Puppet Stdlib 4.3.2
Puppet Stdlib 4.3.0
Puppet Stdlib 3.0.0
Puppet Stdlib 2.4.0
Puppet Stdlib 2.2.0
Puppet Stdlib 2.1.1
Puppet Stdlib 4.4.0
Puppet Stdlib 4.3.1
Puppet Stdlib 2.5.0
Puppet Stdlib 2.1.3
Puppet Stdlib 2.1.2
Puppet Stdlib 2.1.0
1 Github repository
4
CVSSv2
CVE-2014-9355
Puppet Enterprise prior to 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.
Puppet Puppet Enterprise
1.9
CVSSv2
CVE-2014-7170
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.
Puppet Puppet Server 0.2.0
6.2
CVSSv2
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppetlabs Facter
Puppet Facter 2.0.1
Puppet Facter 2.0.0
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet
Puppet Puppet Enterprise
6.8
CVSSv2
CVE-2011-4953
The set_mgmt_parameters function in item.py in cobbler prior to 2.2.2 allows context-dependent malicious users to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.
Cobbler Project Cobbler
4.4
CVSSv2
CVE-2014-3251
The MCollective aes_security plugin, as used in Puppet Enterprise prior to 3.3.0 and Mcollective prior to 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecif...
Puppet Puppet Enterprise
Puppetlabs Mcollective -
5
CVSSv2
CVE-2014-3249
Puppet Enterprise 2.8.x prior to 2.8.7 allows remote malicious users to obtain sensitive information via vectors involving hiding and unhiding nodes.
Puppet Puppet Enterprise 2.8.5
Puppet Puppet Enterprise 2.8.6
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.4
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.3
7.5
CVSSv2
CVE-2013-0210
The smart proxy Puppet run API in Foreman prior to 1.2.0 allows remote malicious users to execute arbitrary commands via vectors related to escaping and Puppet commands.
Theforeman Foreman
Theforeman Foreman 0.4.1
Theforeman Foreman 0.4
Theforeman Foreman 0.2
Theforeman Foreman 0.3
Theforeman Foreman 0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »