Search CVE reports


Toggle filters

31 – 40 of 80 results


CVE-2015-7328

Medium priority
Not affected

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet
Show less packages

CVE-2015-7224

Medium priority
Not affected

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

1 affected package

puppet-module-puppetlabs-mysql

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet-module-puppetlabs-mysql
Show less packages

CVE-2015-4100

Medium priority
Not affected

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet
Show less packages

CVE-2015-1029

Medium priority
Ignored

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.

1 affected package

puppet-module-puppetlabs-stdlib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet-module-puppetlabs-stdlib Not affected
Show less packages

CVE-2014-9355

Medium priority
Not affected

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet
Show less packages

CVE-2014-3250

Low priority
Ignored

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet
Show less packages

CVE-2014-3248

Low priority

Some fixes available 1 of 19

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby...

4 affected packages

facter, mcollective, puppet, ruby-hiera

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
facter Not affected Not affected Not affected Not affected
mcollective Not affected Not affected Not affected Not affected
puppet Not in release Not affected Not affected Not affected
ruby-hiera Not in release Not in release Not in release Not in release
Show less packages

CVE-2013-4969

Low priority

Some fixes available 4 of 5

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet
Show less packages

CVE-2013-4968

Medium priority
Not affected

Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live...

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet
Show less packages

CVE-2013-4967

Medium priority
Ignored

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.

1 affected package

puppet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puppet
Show less packages