Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet agent vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2017-2290
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run. Puppet Enterprise users are not affected. This is resolve...
Puppet Mcollective-puppet-agent 1.12.0
801
VMScore
CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users to execute arbitrary code via a craf...
Puppet Puppet
Puppet Puppet 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.7.0
Puppet Puppet Enterprise 2.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
668
VMScore
CVE-2016-5713
Versions of Puppet Agent before 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
Puppet Puppet Agent
668
VMScore
CVE-2016-2786
The pxp-agent component in Puppet Enterprise 2015.3.x prior to 2015.3.3 and Puppet Agent 1.3.x prior to 1.3.6 does not properly validate server certificates, which might allow remote malicious users to spoof brokers and execute arbitrary commands via a crafted certificate.
Puppet Puppet Agent 1.3.0
Puppet Puppet Agent 1.3.1
Puppet Puppet Agent 1.3.2
Puppet Puppet Agent 1.3.4
Puppet Puppet Agent 1.3.5
Puppet Puppet Enterprise 2015.3.0
Puppet Puppet Enterprise 2015.3.2
668
VMScore
CVE-2016-2785
Puppet Server prior to 2.3.2 and Ruby puppetmaster in Puppet 4.x prior to 4.4.2 and in Puppet Agent prior to 1.4.2 might allow remote malicious users to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.
Puppet Puppet 4.0.0
Puppet Puppet 4.1.0
Puppet Puppet 4.2.0
Puppet Puppet 4.2.1
Puppet Puppet 4.2.2
Puppet Puppet 4.2.3
Puppet Puppet 4.3.0
Puppet Puppet 4.3.1
Puppet Puppet 4.3.2
Puppet Puppet 4.4.0
Puppet Puppet 4.4.1
Puppet Puppet Server 2.0.0
Puppet Puppet Server 2.1.0
Puppet Puppet Server 2.1.1
Puppet Puppet Server 2.1.2
Puppet Puppet Server 2.2.0
Puppet Puppet Server 2.3.0
Puppet Puppet Server 2.3.1
Puppet Puppet Agent 1.4.1
668
VMScore
CVE-2013-1655
Puppet 2.7.x prior to 2.7.21 and 3.1.x prior to 3.1.1, when running Ruby 1.9.3 or later, allows remote malicious users to execute arbitrary code via vectors related to "serialized attributes."
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Puppet Puppet 2.7.18
Puppet Puppet Enterprise 3.1.0
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
632
VMScore
CVE-2013-1653
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authentica...
Puppet Puppet
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.20
Puppetlabs Puppet 2.7.19
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Puppet Puppet 2.7.18
Puppet Puppet Enterprise 3.1.0
605
VMScore
CVE-2018-6515
Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
Puppet Puppet
605
VMScore
CVE-2018-6514
In Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, Puppet Agent 5.5.x before 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
Puppet Puppet
578
VMScore
CVE-2018-6513
Puppet Enterprise 2016.4.x before 2016.4.12, Puppet Enterprise 2017.3.x before 2017.3.7, Puppet Enterprise 2018.1.x before 2018.1.1, Puppet Agent 1.10.x before 1.10.13, Puppet Agent 5.3.x before 5.3.7, and Puppet Agent 5.5.x before 5.5.2, were vulnerable to an attack where an unp...
Puppet Puppet
Puppet Puppet Enterprise
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »