16 matches found
Ubuntu: Security Advisory (USN-3308-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Puppet vulnerabilities (USN-3308-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3308-1 advisory. Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code...
USN-3308-1: Puppet vulnerabilities
Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. CVE-2014-3248 It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute...
Gentoo Security Advisory GLSA 201412-45
Gentoo Linux Local Security Checks GLSA 201412-45 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Gentoo Security Advisory GLSA 201412-15
Gentoo Linux Local Security Checks GLSA 201412-15 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Amazon Linux: Security Advisory (ALAS-2015-484)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: puppet
Issue Overview: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges...
Oracle Solaris Third-Party Patch Update : facter (cve_2014_3248_untrusted_search)
The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...
Oracle Solaris Third-Party Patch Update : puppet (multiple_vulnerabilities_in_puppet1)
The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...
GLSA-201412-45 : Facter: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201412-45 Facter: Privilege escalation Facter includes the current working directory in the search path. Impact : A local attacker may be able to gain escalated privileges. Workaround : There is no known workaround at this time...
Medium: facter
Issue Overview: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges...
Fedora 20 : facter-1.7.6-1.fc20 (2014-12699)
Update to 1.7.6 for bz1107891 and CVE-2014-3248 See http://puppetlabs.com/security/cve/CVE-2014-3248 for more information upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...
CVE-2014-3248
CVE-2014-3248 documents an untrusted search path vulnerability affecting Puppet-related components. Affected software includes Puppet Enterprise 2.8 (before 2.8.7), Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, runn...
Puppet < 2.7.26 / 3.6.2 and Enterprise 2.8.x < 2.8.7 Multiple Vulnerabilities
According to its self-reported version number, the Puppet install on the remote host is affected by multiple vulnerabilities : - A privilege escalation vulnerability related to input validation and paths exists in the bundled Ruby environment. An attacker could trick a privileged user into...
SUSE-RU-2015:0696-1 Security update for puppet
Puppet was updated to fix the following security issues: Unsafe use of temporary files. CVE-2013-4969 Arbitrary code execution with required social engineering. CVE-2014-3248, CVE-2014-3250 Security Issues references: CVE-2014-3248 CVE-2013-4969 CVE-2014-3250...