Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

48 matches found

Cvelist
Cvelistadded 2020/03/11 9:56 p.m.15 views

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.3AI score0.65366EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2020/03/11 12:0 a.m.2 views

PT-2020-19863 · Puppet +1 · Puppet Server +3

Name of the Vulnerable Software and Affected Versions: Puppet Enterprise versions prior to 2018.1.13 Puppet Enterprise versions prior to 2019.5.0 Puppet Server versions prior to 6.9.2 Puppet Server versions prior to 5.3.12 PuppetDB versions prior to 6.9.1 PuppetDB versions prior to 5.2.13...

7.5CVSS8.3AI score0.65366EPSS
Exploits0References14
FreeBSD
FreeBSDadded 2020/03/10 12:0 a.m.23 views

puppetserver and puppetdb -- Puppet Server and PuppetDB may leak sensitive information via metrics API

Puppetlabs reports: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as we...

7.5CVSS7.2AI score0.65366EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2017/07/05 3:29 p.m.20 views

CVE-2017-2294

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive a feature added in Puppet 4.6, so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore...

7.5CVSS7.1AI score0.00306EPSS
Exploits0References2
Prion
Prionadded 2017/07/05 3:29 p.m.10 views

Code injection

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive a feature added in Puppet 4.6, so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore...

5CVSS7.4AI score0.00306EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2017/07/05 3:29 p.m.15 views

CVE-2017-2294

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive a feature added in Puppet 4.6, so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore...

7.5CVSS7.4AI score0.00306EPSS
Exploits0References1
OSV
OSVadded 2017/07/05 3:29 p.m.1 views

CVE-2017-2294

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive a feature added in Puppet 4.6, so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References1
Kitploit
Kitploitadded 2015/07/17 9:46 p.m.18 views

SIMP - System Integrity Management Platform

SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility. The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry be...

7.2AI score
Exploits0References95
Rows per page
Query Builder