12 matches found
EUVD-2013-4813
Malware in sbrugna...
EUVD-2013-2221
Malware in sbrugna...
EUVD-2022-3504
Malicious code in bioql PyPI...
RHEL 6 : puppet (RHSA-2013:0710)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0710 advisory. Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in how Puppet handled certa...
Ubuntu 16.04 ESM : Puppet vulnerabilities (USN-4804-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4804-1 advisory. It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or...
USN-3308-1 puppet vulnerabilities
Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. CVE-2014-3248 It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute...
CVE-2013-4956
Puppet Module Tool PMT, as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to rea...
CVE-2013-1652
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors...
puppet26 -- multiple vulnerabilities
Moses Mendoza reports: A vulnerability found in Puppet could allow an authenticated client to cause the master to execute arbitrary code while responding to a catalog request. Specifically, in order to exploit the vulnerability, the puppet master must be made to invoke the 'template' or...
Debian Security Advisory DSA 2643-1 (puppet - several vulnerabilities)
Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. CVE-2013-1640An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the...
Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerabilities (USN-1223-1)
It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. CVE-2011-3869 Ricky Zhou discovered that Puppet did not drop privileges when creating SSH...
Ubuntu Update for puppet vulnerabilities USN-917-1
Ubuntu Update for Linux kernel vulnerabilities USN-917-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9171.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for puppet vulnerabilities USN-917-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...