Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise 2.7.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users to execute arbitrary code via a craf...
Puppet Puppet
Puppet Puppet 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.7.0
Puppet Puppet Enterprise 2.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
NA
CVE-2012-1989
telnet.rb in Puppet 2.7.x prior to 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.11
Puppet Puppet 2.7.9
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.12
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.10
Puppet Puppet 2.7.5
Puppet Puppet Enterprise 1.2.1
Puppet Puppet Enterprise 1.2.4
Puppet Puppet Enterprise 2.0.1
Puppet Puppet Enterprise 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise 2.0.2
Puppet Puppet Enterprise 1.2.2
Puppet Puppet Enterprise 1.2.0
Puppet Puppet Enterprise 1.2.3
NA
CVE-2013-1652
Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspe...
Puppetlabs Puppet
Puppet Puppet 2.7.11
Puppet Puppet 2.7.18
Puppet Puppet 2.7.17
Puppet Puppet 2.7.13
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.9
Puppet Puppet 2.7.3
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.7
Puppet Puppet 2.7.5
Puppet Puppet 2.7.8
Puppet Puppet 2.7.6
Puppet Puppet 2.7.16
Puppet Puppet 2.7.2
Puppet Puppet 2.7.4
Puppet Puppet 2.7.12
Puppet Puppet Enterprise 3.1.0
NA
CVE-2011-3872
Puppet 2.6.x prior to 2.6.12 and 2.7.x prior to 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 prior to 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which all...
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.7.3
Puppet Puppet 2.7.5
Puppet Puppet 2.6.0
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.11
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.1
Puppet Puppet Enterprise 1.2.2
Puppet Puppet Enterprise 1.2.3
Puppetlabs Puppet Enterprise Users 1.0
Puppet Puppet Enterprise 1.2.0
1 Github repository
NA
CVE-2012-1054
Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.12
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.7.10
Puppet Puppet 2.7.9
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.7.8
Puppet Puppet 2.7.7
Puppet Puppet 2.7.3
Puppet Puppet 2.7.2
NA
CVE-2012-1053
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3 does not properly manage group privileges, which allows local users to gain...
Puppet Puppet 2.6.13
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppet Puppet 2.7.5
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.1
NA
CVE-2012-1906
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or i...
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.6.13
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
Puppet Puppet 2.7.7
Puppet Puppet 2.7.6
Puppet Puppet 2.7.5
NA
CVE-2012-1986
Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlin...
Puppet Puppet 2.6.13
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.3
Puppet Puppet 2.7.11
NA
CVE-2012-1987
Unspecified vulnerability in Puppet 2.6.x prior to 2.6.15 and 2.7.x prior to 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x prior to 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a...
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.6.13
Puppet Puppet 2.6.12
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 2.6.0
Puppet Puppet 2.6.14
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
NA
CVE-2013-3567
Puppet 2.7.x prior to 2.7.22 and 3.2.x prior to 3.2.2, and Puppet Enterprise prior to 2.8.2, deserializes untrusted YAML, which allows remote malicious users to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.10
Puppet Puppet 2.7.18
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 3.2.0
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.21
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.2
Puppet Puppet 3.2.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Desktop 11.0
Novell Suse Linux Enterprise Desktop 11
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »