3 matches found
Remote Code Execution (RCE)
mcollective-client is vulnerable to remote code execution. This is due to the use of eval to evaluate comparison expressions in discovery filters, which allows an attacker to execute arbitrary code via the mco ping command...
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...
Remote Code Execution (RCE) Through YAML Deserialization
mcollective-client is vulnerable to Remote Code Execution (RCE) through YAML deserialization. The library uses the insecure YAML.load method to deserialize YAML files. This can allow a malicious user to inject and execute arbitrary code by sending a YAML file to the system...