CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...

CVE-2019-10651

An issue was discovered in the Core Server in Ivanti Endpoint Manager EPM 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update...

CVE-2019-10651

CVE-2019-10651 affects Ivanti Endpoint Manager (EPM) Core Server. Versions 2017.3 prior to SU7 and 2018.x prior to 2018.3 SU3 are vulnerable to remote code execution when lacking the April 2019 update. The issue originates in the Core Server and is exploitable remotely over the network with no au...

Puppet Enterprise Console Cross-Site Scripting Vulnerability (CNVD-2018-09253)

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is its enterprise version.Puppet Enterprise Console is one of t...

Puppet Enterprise Console Cross-Site Scripting Vulnerability (CNVD-2018-09252)

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is its enterprise version.Puppet Enterprise Console is one of t...

CVE-2018-6510

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6...

CVE-2018-6511

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6...

Puppet Enterprise Remote Code Execution Vulnerability

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is an enterprise version. A remote code execution vulnerability...

UBUNTU-CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...

CVE-2018-6508

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...

CVE-2017-11463

In Ivanti Service Desk formerly LANDESK Management Suite versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in...