Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppetlabs puppet 2.6.0 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2013-2716
Puppet Labs Puppet Enterprise prior to 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote malicious users to obtain console access via a crafted cookie.
Puppet Puppet Enterprise 2.5.2
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise
Puppetlabs Puppet 1.1.0
Puppetlabs Puppet 1.0.0
Puppet Puppet Enterprise 2.0.0
Puppetlabs Puppet 1.2.0
605
VMScore
CVE-2013-1399
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) prior to 2.7.1 allow remote malicious users to hijack the authentication of unspecif...
Puppetlabs Puppet 2.6.0
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
756
VMScore
CVE-2013-1398
The pe_mcollective module in Puppet Enterprise (PE) prior to 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the m...
Puppet Puppet Enterprise 2.5.1
Puppetlabs Puppet 2.5.0
Puppet Puppet Enterprise 2.0.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.5.2
Puppetlabs Puppet 2.6.0
668
VMScore
CVE-2013-3567
Puppet 2.7.x prior to 2.7.22 and 3.2.x prior to 3.2.2, and Puppet Enterprise prior to 2.8.2, deserializes untrusted YAML, which allows remote malicious users to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.7.10
Puppet Puppet 2.7.18
Puppetlabs Puppet 2.7.19
Puppetlabs Puppet 3.2.0
Puppet Puppet 2.7.13
Puppet Puppet 2.7.14
Puppetlabs Puppet 2.7.20
Puppet Puppet 2.7.21
Puppet Puppet 2.7.11
Puppet Puppet 2.7.12
Puppet Puppet 2.7.2
Puppet Puppet 3.2.1
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.16
Puppet Puppet 2.7.17
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Desktop 11.0
Novell Suse Linux Enterprise Desktop 11
1 Article
445
VMScore
CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x prior to 2.6.10 and 2.7.x prior to 2.7.4 allows remote malicious users to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject o...
Puppet Puppet 2.6.2
Puppet Puppet 2.6.3
Puppetlabs Puppet 2.7.0
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.6.0
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppet Puppet 2.6.9
Puppet Puppet 2.6.6
Puppet Puppet 2.6.7
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.7.2
Puppet Puppet 2.7.3
231
VMScore
CVE-2011-3872
Puppet 2.6.x prior to 2.6.12 and 2.7.x prior to 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 prior to 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which all...
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.6.9
Puppet Puppet 2.6.10
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.7.3
Puppet Puppet 2.7.5
Puppet Puppet 2.6.0
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.11
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.1
Puppet Puppet Enterprise 1.2.2
Puppet Puppet Enterprise 1.2.3
Puppetlabs Puppet Enterprise Users 1.0
Puppet Puppet Enterprise 1.2.0
1 Github repository
392
VMScore
CVE-2012-1054
Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.
Puppet Puppet 2.6.11
Puppet Puppet 2.6.10
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.13
Puppet Puppet 2.6.12
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.7.10
Puppet Puppet 2.7.9
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.7.8
Puppet Puppet 2.7.7
Puppet Puppet 2.7.3
Puppet Puppet 2.7.2
614
VMScore
CVE-2012-1053
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x prior to 2.6.14 and 2.7.x prior to 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x prior to 2.0.3 does not properly manage group privileges, which allows local users to gain...
Puppet Puppet 2.6.13
Puppet Puppet 2.6.5
Puppet Puppet 2.6.4
Puppet Puppet 2.6.10
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.1
Puppet Puppet 2.6.0
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 2.6.12
Puppet Puppet 2.6.11
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.7.9
Puppet Puppet 2.7.8
Puppet Puppet 2.7.4
Puppet Puppet 2.7.3
Puppet Puppet 2.7.5
Puppet Puppet 2.7.2
Puppet Puppet 2.7.10
Puppetlabs Puppet 2.7.1
561
VMScore
CVE-2011-3869
Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.3
Puppet Puppet 2.6.1
Puppet Puppet 2.6.8
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.6.3
Puppet Puppet 2.6.2
Puppet Puppet 2.6.9
Puppet Puppet 2.6.4
Puppet Puppet 2.6.5
Puppet Puppet 2.6.10
Puppet Puppet 2.7.4
Puppet Puppet 2.6.0
Puppet Puppet 2.6.7
Puppet Puppet 2.6.6
Puppet Puppet 0.25.1
Puppet Puppet 0.25.2
Puppet Puppet 0.25.3
Puppet Puppet 0.25.0
Puppet Puppet 0.25.6
Puppet Puppet 0.25.4
561
VMScore
CVE-2011-3870
Puppet 2.7.x prior to 2.7.5, 2.6.x prior to 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.
Puppetlabs Puppet 2.7.0
Puppet Puppet 2.7.4
Puppet Puppet 2.6.2
Puppet Puppet 2.6.1
Puppet Puppet 2.7.2
Puppetlabs Puppet 2.7.1
Puppet Puppet 2.6.4
Puppet Puppet 2.6.3
Puppet Puppet 2.6.10
Puppet Puppet 2.6.0
Puppet Puppet 2.6.6
Puppet Puppet 2.6.5
Puppet Puppet 2.7.3
Puppet Puppet 2.6.9
Puppet Puppet 2.6.8
Puppet Puppet 2.6.7
Puppet Puppet 0.25.3
Puppet Puppet 0.25.2
Puppet Puppet 0.25.4
Puppet Puppet 0.25.5
Puppet Puppet 0.25.1
Puppet Puppet 0.25.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »