Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise 2.0.2 vulnerabilities and exploits
(subscribe to this query)
6.2
CVSSv2
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppet Facter 2.0.0
Puppet Facter 2.0.1
Puppetlabs Facter
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet Enterprise
Puppet Puppet
6.8
CVSSv2
CVE-2013-4963
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) prior to 3.0.1 allow remote malicious users to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.
Puppet Puppet Enterprise 1.0
Puppet Puppet Enterprise 1.1
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.0.1
Puppet Puppet Enterprise 2.0.2
Puppet Puppet Enterprise 2.0.3
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise
3.6
CVSSv2
CVE-2012-1989
telnet.rb in Puppet 2.7.x prior to 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.8
Puppet Puppet 2.7.9
Puppet Puppet 2.7.10
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.0.1
Puppet Puppet Enterprise 2.0.2
Puppet Puppet Enterprise 1.2.1
Puppet Puppet Enterprise 1.2.2
Puppet Puppet Enterprise 1.2.3
Puppet Puppet Enterprise 1.2.4
Puppet Puppet Enterprise 2.5.0
6.9
CVSSv2
CVE-2012-1053
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3 does not properly manage group privileges, which allows local users to gain...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
3.3
CVSSv2
CVE-2012-1906
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or i...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
2.1
CVSSv2
CVE-2012-1986
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlin...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
3.5
CVSSv2
CVE-2012-1987
Unspecified vulnerability in Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a...
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppet Puppet 2.6.14
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
4.4
CVSSv2
CVE-2012-1054
Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.11
Puppet Puppet 2.6.12
Puppet Puppet 2.6.13
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
Puppet Puppet 2.7.4
Puppet Puppet 2.7.5
Puppet Puppet 2.7.6
Puppet Puppet 2.7.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started