EUVD-2022-3428

Malicious code in bioql PyPI...

EUVD-2024-24523

Malicious code in bioql PyPI...

Out-of-bounds

dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...

Moderate: Red Hat Bug Fix Advisory: Red Hat Satellite 6.2 Base Libraries

Red Hat Satellite 6.2 now available for Red Hat Enterprise Linux 5, 6 and 7 Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs...

AZL-44415 CVE-2015-1029 affecting package puppet for versions less than 7.34.0-1

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache...

DEBIAN-CVE-2015-1029

The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache...

Puppet < 2.7.26 / 3.6.2 and Enterprise 2.8.x < 2.8.7 Multiple Vulnerabilities

According to its self-reported version number, the Puppet install on the remote host is affected by multiple vulnerabilities : - A privilege escalation vulnerability related to input validation and paths exists in the bundled Ruby environment. An attacker could trick a privileged user into...

Puppet 2.7.x / 3.2.x < 2.7.23 / 3.2.4 and Enterprise 2.8.x / 3.0.x < 2.8.3 / 3.0.1 Multiple Vulnerabilities

According to its self-reported version number, the Puppet install on the remote host has multiple vulnerabilities: - By using the 'resourcetype' service, an attacker could cause Puppet to load arbitrary Ruby files from the Puppet Master node's file system. While this behavior is not enabled by...

CVE-2013-1653

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code v...

CVE-2013-2275

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors...

CVE-2012-3866

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...

CVE-2010-0156

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/daemonout, 2 /tmp/puppetdoc.txt, 3 /tmp/puppetdoc.tex, or 4 /tmp/puppetdoc.aux temporary file...