Lucene search
K

75 matches found

Cvelist
Cvelist
added 2015/02/03 4:0 p.m.23 views

CVE-2014-9568

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...

5.7AI score0.00352EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.29 views

Oracle Solaris Third-Party Patch Update : facter (cve_2014_3248_untrusted_search)

The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...

6.2CVSS6.8AI score0.00537EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/12/29 12:0 a.m.65 views

GLSA-201412-45 : Facter: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201412-45 Facter: Privilege escalation Facter includes the current working directory in the search path. Impact : A local attacker may be able to gain escalated privileges. Workaround : There is no known workaround at this time...

6.2CVSS6.8AI score0.00537EPSS
Exploits1References2
Gentoo Linux
Gentoo Linux
added 2014/12/26 12:0 a.m.55 views

Facter: Privilege escalation

Background Facter is a cross-platform Ruby library for retrieving facts from operating systems. Description Facter includes the current working directory in the search path. Impact A local attacker may be able to gain escalated privileges. Workaround There is no known workaround at this time...

6.2CVSS6.8AI score0.00537EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/12/10 12:0 a.m.24 views

Amazon Linux AMI : facter (ALAS-2014-456)

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

6.2CVSS6.7AI score0.00537EPSS
Exploits1References2
Amazon
Amazon
added 2014/12/08 12:0 a.m.38 views

Medium: facter

Issue Overview: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges...

6.2CVSS7AI score0.00537EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/11/24 12:0 a.m.28 views

Fedora 20 : facter-1.7.6-1.fc20 (2014-12699)

Update to 1.7.6 for bz1107891 and CVE-2014-3248 See http://puppetlabs.com/security/cve/CVE-2014-3248 for more information upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...

6.2CVSS6.8AI score0.00537EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2014/11/23 12:0 a.m.26 views

Fedora Update for facter FEDORA-2014-12699

Check the version of facter SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868513";...

6.2CVSS8.2AI score0.00537EPSS
Exploits1References2
Fedora
Fedora
added 2014/11/22 12:33 p.m.26 views

[SECURITY] Fedora 20 Update: facter-1.7.6-1.fc20

Facter is a lightweight program that gathers basic node information about t he hardware and operating system. Facter is especially useful for retrieving things like operating system names, hardware characteristics, IP addresses, MAC addresses, and SSH keys. Facter is extensible and allows gatheri...

6.2CVSS0.2AI score0.00537EPSS
Exploits1
NVD
NVD
added 2014/11/16 5:59 p.m.15 views

CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

6.2CVSS6.3AI score0.00537EPSS
Exploits1References5
OSV
OSV
added 2014/11/16 5:59 p.m.1 views

DEBIAN-CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

6.2CVSS7AI score0.00537EPSS
Exploits1References1
Prion
Prion
added 2014/11/16 5:59 p.m.23 views

Design/Logic Flaw

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

6.2CVSS6.8AI score0.00537EPSS
Exploits1References5Affected Software5
Cvelist
Cvelist
added 2014/11/16 5:0 p.m.17 views

CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

7AI score0.00537EPSS
Exploits1References5
CVE
CVE
added 2014/11/16 5:0 p.m.134 views

CVE-2014-3248

CVE-2014-3248 documents an untrusted search path vulnerability affecting Puppet-related components. Affected software includes Puppet Enterprise 2.8 (before 2.8.7), Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, runn...

6.2CVSS6.8AI score0.00537EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2014/11/16 12:0 a.m.4 views

UBUNTU-CVE-2014-3248

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

6.2CVSS6.8AI score0.00537EPSS
Exploits1References5
Rows per page
Query Builder