20 matches found
EUVD-2021-0827
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-7942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate...
SUSE CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...
Mageia: Security Advisory (MGASA-2015-0091)
The remote host is missing an update for the...
Improper Certificate Validation in Puppet
Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for...
Improper Input Validation
Overview puppet is an automated configuration management tool. Affected versions of this package are vulnerable to Improper Input Validation. Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed...
Improper Certificate Validation in Puppet
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...
puppet: Arbitrary catalog retrieval
A flaw was found in Puppet, where changes in the application lead to node declarations having increased access. An attacker can use this flaw to modify run facts and to retrieve different nodes of information when strict_hostname_checking is false, and the node's catalog falls back to the defau...
DEBIAN-CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...
Default credentials
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...
CVE-2020-7942
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...
CVE-2020-7942
CVE-2020-7942 concerns Puppet’s certificate-based access model. The issue arises when a node’s catalog can be retrieved for another node by altering facts during a run, potentially exposing information if a certificate is compromised. Affected are Puppet 6.x before 6.13.0, Puppet Agent 6.x before...
puppet6 -- Arbitrary Catalog Retrieval
Puppetlabs reports: Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog ca...
MGASA-2015-0091 Updated python packages fix CVE-2014-9365
Updated python packages fix security vulnerability: When Python's standard library HTTP clients httplib, urllib, urllib2, xmlrpclib are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against th...
DSA-2809-1 ruby1.8 - several
Bulletin has no description...
Debian Security Advisory DSA 2809-1 (ruby1.8 - several vulnerabilities)
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming a...
Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted enti...
Problems with tcp_wrappers in FreeBSD (protection bypass)
PARANOID hostname checking mode does not work as advertised...
Security Advisory FreeBSD-SA-01:56.tcp_wrappers
FreeBSD-SA-01:56 Security Advisory FreeBSD, Inc. Topic: tcpwrappers PARANOID hostname checking does not work Category: core Module: tcpwrappers Announced: 2001-08-23 Credits: Tony Finc...
FreeBSD-SA-01:56.tcp_wrappers
FreeBSD-SA-01:56 Security Advisory FreeBSD, Inc. Topic: tcpwrappers PARANOID hostname checking does not work Category: core Module: tcpwrappers Announced: 2001-08-23 Credits: Tony Finc...