34 matches found
EUVD-2018-3769
Malware in sbrugna...
EUVD-2013-4800
Malware in sbrugna...
EUVD-2018-3767
Malware in sbrugna...
EUVD-2015-1173
Malware in sbrugna...
EUVD-2024-24523
Malicious code in bioql PyPI...
CVE-2024-27294
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
Out-of-bounds
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
CVE-2024-27294
CVE-2024-27294 concerns the Go/Puppet toolchain issue for the dp-golang module. Affected: dp-golang prior to 1.2.7, used with Puppet running as root on macOS (Go versions 1.4.3–1.21rc3; specific bootstrap tarballs). Root cause: files within the Go installation could be created with incorrect owne...
CVE-2024-27294 dp-golang Go installation could be owned by wrong user
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive,...
MAL-2023-1436 Malicious code in puppet-module-posix-system-r3.2 (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r3.2' @ 1.0.0 rubygems as malicious. It is considered malicious...
Malicious code in puppet-module-posix-system-r3.2 (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r3.2' @ 1.0.0 rubygems as malicious. It is considered malicious...
MAL-2023-1433 Malicious code in puppet-module-posix-system-r (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2ad3a13f7c087320a9f4bf76203fd40172a2b55172dec3ac957ad4d265c01425 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r' @ 1.0.0 rubygems as malicious. It is considered malicious because...
Malicious code in puppet-module-posix-system-r (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2ad3a13f7c087320a9f4bf76203fd40172a2b55172dec3ac957ad4d265c01425 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r' @ 1.0.0 rubygems as malicious. It is considered malicious because...
SUSE CVE-2013-4956
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to rea...
cloud-init bug fix and enhancement update
An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The cloud-init packages provide a set of init scripts for cloud instances...
Important: Red Hat Bug Fix Advisory: Satellite 6.6.2 Async Bug Fix Update
Updated Satellite 6.6 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...
CVE-2018-11750
Previous releases of the Puppet ciscoios module did not validate a host's identity before starting an SSH connection. As of the 0.4.0 release of ciscoios, host key checking is enabled by default...
Moderate: Red Hat Security Advisory: puppet-swift security update
An update for puppet-swift is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2016-5737
The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review...