76 matches found
EUVD-2014-3264
Malware in sbrugna...
EUVD-2014-0228
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-3248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera...
Design/Logic Flaw
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity...
CVE-2013-4561
CVE-2013-4561 concerns OpenShift runtime: a cron job on an OpenShift node updates mcollective facts and mishandles a temporary file. The root cause is improper handling of a temporary file during that cron operation, which can lead to confidentiality and integrity losses. The NVD metrics indicate...
Red Hat OpenShift 安全漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift that stems from a cron job to update mcollective with error handling temporary...
mcollective Trust Management Issues Vulnerabilities
mcollective is a framework for building Server Orchestration and parallel work execution systems. A trust management issue vulnerability exists in mcollective. The vulnerability stems from the lack of an effective trust management mechanism in a networked system or product. An attacker could...
CVE-2014-0175
mcollective has a default password set at install...
DEBIAN-CVE-2014-0175
mcollective has a default password set at install...
CVE-2014-0175
mcollective has a default password set at install...
Default credentials
mcollective has a default password set at install...
UBUNTU-CVE-2014-0175
mcollective has a default password set at install...
CVE-2014-0175
mcollective has a default password set at install...
CVE-2014-0175
CVE-2014-0175 relates to mcollective with a default password set at installation. Connected sources corroborate an unpatched/default-credential condition affecting mcollective; CVSS metrics indicate high risk (Network, low attack complexity, no authentication required, partial confidentiality/int...
CVE-2014-0175
mcollective has a default password set at install...
PT-2019-7040 · Puppet +1 · Mcollective +1
Name of the Vulnerable Software and Affected Versions: mcollective affected versions not specified Description: The issue is related to a default password being set during installation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
Puppet Enterprise < 2016.2.1 Multiple Vulnerabilities
According to its self-reported version number, the Puppet Enterprise application running on the remote host is version prior to 2016.2.1. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in the mcollective puppet-agent plugin due to an...
Insecure Defaults
mcollective is vulnerable to insecure defaults. The vulnerability exists through a default password set at install...
World-readable Permissions
The openshift-origin-broker-util package has world-readable permission vulnerability. It happens because the package sets the permissions for mcollective client.cfg configuration as world-readable by default, leakaging sensitive information regarding the mcollective installation, including...
CVE-2017-2293
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this...