Lucene search
+L

53 matches found

Prion
Prion
added 2012/08/06 4:55 p.m.18 views

Directory traversal

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...

3.5CVSS6.6AI score0.01882EPSS
Exploits1References9Affected Software2
OSV
OSV
added 2012/06/27 6:55 p.m.10 views

CVE-2012-1989

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...

3.6CVSS6.1AI score0.00402EPSS
Exploits0References11
OSV
OSV
added 2012/05/29 8:55 p.m.9 views

CVE-2012-1906

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

3.3CVSS6.2AI score0.0035EPSS
Exploits0References9
OSV
OSV
added 2012/05/29 8:55 p.m.8 views

CVE-2012-1987

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream tha...

3.5CVSS6.2AI score0.02553EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2012/02/15 12:0 a.m.11 views

Ubuntu 10.10 / 11.04 / 11.10 : Puppet vulnerability (USN-1365-1)

It was discovered that Puppet would allow remote ralsh under certain circumstances. An attacker on an authenticated puppet node could exploit this to view or manipulate resources on other Puppet nodes. Note that Tenable Network Security has extracted the preceding description block directly from...

5.5CVSS5.6AI score0.01652EPSS
Exploits0References2
OSV
OSV
added 2011/10/27 8:55 p.m.7 views

CVE-2011-3870

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorizedkeys file...

6.3CVSS6AI score0.00352EPSS
Exploits0References9
OSV
OSV
added 2011/10/27 8:55 p.m.2 views

DEBIAN-CVE-2011-3870

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorizedkeys file...

6.3CVSS6.4AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2011/10/27 8:55 p.m.3 views

DEBIAN-CVE-2011-3869

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file...

6.3CVSS6.2AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2011/10/27 8:55 p.m.7 views

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

6.2CVSS6.3AI score0.00338EPSS
Exploits0References9
OSV
OSV
added 2011/10/27 8:55 p.m.3 views

CVE-2011-3872

Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise PE Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof ...

2.6CVSS6.3AI score0.02454EPSS
Exploits0References11
Prion
Prion
added 2011/10/27 8:55 p.m.15 views

Design/Logic Flaw

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorizedkeys file...

6.3CVSS6.5AI score0.00352EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2011/10/27 8:0 p.m.26 views

CVE-2011-3869

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file...

5.9AI score0.00341EPSS
Exploits0References9
OSV
OSV
added 2010/03/03 7:30 p.m.1 views

DEBIAN-CVE-2010-0156

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/daemonout, 2 /tmp/puppetdoc.txt, 3 /tmp/puppetdoc.tex, or 4 /tmp/puppetdoc.aux temporary file...

3.3CVSS6.7AI score0.00325EPSS
Exploits0References1
Rows per page
Query Builder