Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

kristian hermansen vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x prior to 2.6.10 and 2.7.x prior to 2.7.4 allows remote malicious users to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject o...
Puppet Puppet 2.6.2Puppet Puppet 2.6.3Puppetlabs Puppet 2.7.0Puppetlabs Puppet 2.7.1Puppet Puppet 2.6.0Puppet Puppet 2.6.1Puppet Puppet 2.6.8Puppet Puppet 2.6.9Puppet Puppet 2.6.6Puppet Puppet 2.6.7Puppet Puppet 2.6.4Puppet Puppet 2.6.5Puppet Puppet 2.7.2Puppet Puppet 2.7.3
NA
CVE-2011-3869
Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
Puppetlabs Puppet 2.7.0Puppet Puppet 2.7.3Puppet Puppet 2.6.1Puppet Puppet 2.6.8Puppet Puppet 2.7.2Puppetlabs Puppet 2.7.1Puppet Puppet 2.6.3Puppet Puppet 2.6.2Puppet Puppet 2.6.9Puppet Puppet 2.6.4Puppet Puppet 2.6.5Puppet Puppet 2.6.10Puppet Puppet 2.7.4Puppet Puppet 2.6.0Puppet Puppet 2.6.7Puppet Puppet 2.6.6Puppet Puppet 0.25.1Puppet Puppet 0.25.2Puppet Puppet 0.25.3Puppet Puppet 0.25.0Puppet Puppet 0.25.6Puppet Puppet 0.25.4
NA
CVE-2011-3871
Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
Puppet Puppet 2.7.2Puppetlabs Puppet 2.7.1Puppet Puppet 2.6.4Puppet Puppet 2.6.3Puppet Puppet 2.6.10Puppet Puppet 2.6.0Puppet Puppet 2.6.6Puppet Puppet 2.6.5Puppetlabs Puppet 2.7.0Puppet Puppet 2.7.4Puppet Puppet 2.6.2Puppet Puppet 2.6.1Puppet Puppet 2.7.3Puppet Puppet 2.6.9Puppet Puppet 2.6.8Puppet Puppet 2.6.7Puppet Puppet 0.25.4Puppet Puppet 0.25.5Puppet Puppet 0.25.3Puppet Puppet 0.25.2Puppet Puppet 0.25.1Puppet Puppet 0.25.0
NA
CVE-2011-3870
Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
Puppetlabs Puppet 2.7.0Puppet Puppet 2.7.4Puppet Puppet 2.6.2Puppet Puppet 2.6.1Puppet Puppet 2.7.2Puppetlabs Puppet 2.7.1Puppet Puppet 2.6.4Puppet Puppet 2.6.3Puppet Puppet 2.6.10Puppet Puppet 2.6.0Puppet Puppet 2.6.6Puppet Puppet 2.6.5Puppet Puppet 2.7.3Puppet Puppet 2.6.9Puppet Puppet 2.6.8Puppet Puppet 2.6.7Puppet Puppet 0.25.3Puppet Puppet 0.25.2Puppet Puppet 0.25.4Puppet Puppet 0.25.5Puppet Puppet 0.25.1Puppet Puppet 0.25.0
NA
CVE-2007-1531
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote malicious users to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
Microsoft Windows XpMicrosoft Windows Vista
NA
CVE-2006-1183
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.
Ubuntu Ubuntu Linux 5.10
NA
CVE-2005-1059
Linksys WET11 1.5.4 allows remote malicious users to change the password without providing the original password via the data parameter to changepw.html.
Linksys Wet11Linksys Wet11 1.4.3Linksys Wet11 1.5.4
NA
CVE-2006-7098
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
Debian Apache 1.3.34.4
NA
CVE-2013-4011
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Ibm Aix 6.1Ibm Aix 7.1Ibm Vios 2.2.2.2
NA
CVE-2007-2356
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote malicious users to execute arbitrary code via a crafted RAS file.
Gimp Gimp 2.2.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook