16 matches found

OpenVAS
added 2017/06/06 12:0 a.m., 26 views

Ubuntu: Security Advisory (USN-3308-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.2, AI score 7.3, EPSS 0.02375
Exploits: 1, References: 2

Tenable Nessus
added 2017/06/06 12:0 a.m., 37 views

Ubuntu 14.04 LTS : Puppet vulnerabilities (USN-3308-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3308-1 advisory. Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code...

CVSS 8.2, AI score 7.6, EPSS 0.02375
Exploits: 1, References: 3

Ubuntu
added 2017/06/05 4:28 p.m., 61 views

USN-3308-1: Puppet vulnerabilities

Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. CVE-2014-3248 It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute...

CVSS 8.2, AI score 7.4, EPSS 0.02375
Exploits: 1

OpenVAS
added 2015/09/29 12:0 a.m., 22 views

Gentoo Security Advisory GLSA 201412-45

Gentoo Linux Local Security Checks GLSA 201412-45 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description)...

CVSS 6.2, AI score 6.7, EPSS 0.00537
Exploits: 1, References: 1

OpenVAS
added 2015/09/29 12:0 a.m., 22 views

Gentoo Security Advisory GLSA 201412-15

Gentoo Linux Local Security Checks GLSA 201412-15 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description)...

CVSS 6.2, AI score 6.7, EPSS 0.00537
Exploits: 1, References: 1

OpenVAS
added 2015/09/08 12:0 a.m., 32 views

Amazon Linux: Security Advisory (ALAS-2015-484)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.2, AI score 6.8, EPSS 0.00537
Exploits: 1, References: 2

Amazon
added 2015/02/12 12:0 a.m., 35 views

Medium: puppet

Issue Overview: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges...

CVSS 6.2, AI score 7, EPSS 0.00537
Exploits: 1

Tenable Nessus
added 2015/01/19 12:0 a.m., 28 views

Oracle Solaris Third-Party Patch Update : facter (cve_2014_3248_untrusted_search)

The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...

CVSS 6.2, AI score 6.8, EPSS 0.00537
Exploits: 1, References: 3

Tenable Nessus
added 2015/01/19 12:0 a.m., 20 views

Oracle Solaris Third-Party Patch Update : puppet (multiple_vulnerabilities_in_puppet1)

The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...

CVSS 6.5, AI score 6.8, EPSS 0.00894
Exploits: 1, References: 4

Tenable Nessus
added 2014/12/29 12:0 a.m., 65 views

GLSA-201412-45 : Facter: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201412-45 Facter: Privilege escalation Facter includes the current working directory in the search path. Impact : A local attacker may be able to gain escalated privileges. Workaround : There is no known workaround at this time...

CVSS 6.2, AI score 6.8, EPSS 0.00537
Exploits: 1, References: 2

Amazon
added 2014/12/08 12:0 a.m., 37 views

Medium: facter

Issue Overview: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges...

CVSS 6.2, AI score 7, EPSS 0.00537
Exploits: 1

Tenable Nessus
added 2014/11/24 12:0 a.m., 28 views

Fedora 20 : facter-1.7.6-1.fc20 (2014-12699)

Update to 1.7.6 for bz1107891 and CVE-2014-3248 See http://puppetlabs.com/security/cve/CVE-2014-3248 for more information upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...

CVSS 6.2, AI score 6.8, EPSS 0.00537
Exploits: 1, References: 4

OSV
added 2014/11/16 5:59 p.m., 7 views

CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

CVSS 6.2, AI score 6.4, EPSS 0.00537
Exploits: 1, References: 6

CVE
added 2014/11/16 5:0 p.m., 134 views

CVE-2014-3248

CVE-2014-3248 documents an untrusted search path vulnerability affecting Puppet-related components. Affected software includes Puppet Enterprise 2.8 (before 2.8.7), Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, runn...

CVSS 6.2, AI score 6.8, EPSS 0.00537
Exploits: 1, References: 5, Affected Software: 2

Tenable Nessus
added 2014/07/02 12:0 a.m., 43 views

Puppet < 2.7.26 / 3.6.2 and Enterprise 2.8.x < 2.8.7 Multiple Vulnerabilities

According to its self-reported version number, the Puppet install on the remote host is affected by multiple vulnerabilities : - A privilege escalation vulnerability related to input validation and paths exists in the bundled Ruby environment. An attacker could trick a privileged user into...

CVSS 6.5, AI score 7.3, EPSS 0.01779
Exploits: 1, References: 6

OSV
added 2014/06/30 3:48 p.m., 14 views

SUSE-RU-2015:0696-1 Security update for puppet

Puppet was updated to fix the following security issues: Unsafe use of temporary files. CVE-2013-4969 Arbitrary code execution with required social engineering. CVE-2014-3248, CVE-2014-3250 Security Issues references: CVE-2014-3248 CVE-2013-4969 CVE-2014-3250...

CVSS 7.5, AI score 6.8, EPSS 0.03408
Exploits: 2, References: 15