Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-27019
PuppetDB logging included potentially sensitive system information.
Puppet Puppet Enterprise
Puppet Puppetdb
NA
CVE-2012-3408
lib/puppet/network/authstore.rb in Puppet prior to 2.7.18, and Puppet Enterprise prior to 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote malicious users to spoof an agent by acquiring a previously used IP address.
Puppetlabs Puppet
Puppet Puppet Enterprise
9.8
CVSSv3
CVE-2018-6512
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions before 2018.1.1 and razor-server and pe-razor-server before 1.9.0.0.
Puppet Razor-server
Puppet Puppet Enterprise
Puppet Pe-razor-server
NA
CVE-2015-1426
Puppet Labs Facter 1.6.0 up to and including 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Puppet Facter 1.6.0
Puppetlabs Facter 1.6.5
Puppet Facter 1.6.6
Puppetlabs Facter 1.6.6
Puppet Facter 1.6.7
Puppet Facter 1.6.13
Puppetlabs Facter 1.6.13
Puppet Facter 1.6.14
Puppetlabs Facter 1.6.14
Puppetlabs Facter 1.7.2
Puppet Facter 1.7.3
Puppetlabs Facter 1.7.3
Puppet Facter 1.7.4
Puppetlabs Facter 2.0.1
Puppet Facter 2.0.2
Puppet Facter 2.1.0
Puppetlabs Facter 1.6.1
Puppet Facter 1.6.2
Puppetlabs Facter 1.6.2
Puppet Facter 1.6.3
Puppetlabs Facter 1.6.9
Puppet Facter 1.6.10
7.8
CVSSv3
CVE-2018-6514
In Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, Puppet Agent 5.5.x before 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
Puppet Puppet
7.8
CVSSv3
CVE-2018-6515
Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Puppet Puppet
5.3
CVSSv3
CVE-2016-2787
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x prior to 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
Puppetlabs Puppet Enterprise 2015.3
Puppet Puppet Enterprise 2015.3.2
8
CVSSv3
CVE-2018-6508
Puppet Enterprise 2017.3.x before 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not a...
Puppet Puppet Enterprise
5.4
CVSSv3
CVE-2018-6510
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions before 2017.3.6.
Puppet Puppet Enterprise
5.4
CVSSv3
CVE-2018-6511
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions before 2017.3.6.
Puppet Puppet Enterprise
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »