Lucene search
K

182 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.39 views

Puppet Agent 6.x < 6.25.1 / 7.x < 7.12.1 Vulnerability

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007. Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...

9.8CVSS6.8AI score0.01328EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.43 views

Puppet Agent 5.x < 5.5.22 / 6.x < 6.19.0 Vulnerability

On August 19, 2020, curl published security updates addressing CVE-2020-8231. Previous releases of Puppet Agent contain a vulnerable version of curl. For more information about this vulnerability, refer to the security announcement for CVE-2020-8231. Note that Nessus has not tested for this issue...

7.5CVSS6.7AI score0.03721EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.57 views

Puppet Agent < 7.1.0 Vulnerability

On December 9, 2020, curl published security updates addressing CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286. Previous releases of Puppet Agent contain a vulnerable version of curl. For more information about this vulnerability, refer to the security announcement. Note that Nessus has not test...

7.5CVSS6.4AI score0.09917EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.12 views

Puppet Agent 7.x < 7.4.0 Deserialization Vulnerability

Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

6.6CVSS6.7AI score0.00541EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.30 views

Amazon Linux 2 : emr-puppet (ALASEMR-PUPPET-2023-001)

The version of emr-puppet installed on the remote host is prior to 6.17.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2EMR-PUPPET-2023-001 advisory. A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a...

6.5CVSS6.4AI score0.01149EPSS
Exploits0References4
Amazon
Amazon
added 2023/09/25 12:0 a.m.6 views

Medium: emr-puppet

Issue Overview: A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. CVE-2021-27025 Affected Packages: emr-puppet Note: This advisory is applicable to Amazon Linux 2 -...

6.5CVSS6.9AI score0.01149EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.4 views

SUSE CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

9.8CVSS7AI score0.02889EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.3 views

SUSE CVE-2016-2786

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate...

9.8CVSS7.6AI score0.01563EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.5 views

SUSE CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...

5CVSS8.9AI score0.00363EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.1 views

SUSE CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

7.1CVSS7AI score0.01328EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.3 views

SUSE CVE-2021-27017

Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release...

6.6CVSS7AI score0.00541EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.3 views

SUSE CVE-2021-27025

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'...

6.5CVSS6.7AI score0.01149EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/12/07 8:30 p.m.19 views

puppet: silent configuration failure in agent

A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...

6.5CVSS5.7AI score0.01149EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/12/07 7:21 p.m.8 views

puppet: silent configuration failure in agent

A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...

6.5CVSS5.7AI score0.01149EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/06/02 12:0 a.m.43 views

RHEL 6 / 7 / 8 : Satellite Tools 6.10.5 Async Bug Fix Update (Important) (RHSA-2022:4866)

The remote Redhat Enterprise Linux 6 / 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4866 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...

9.8CVSS7.2AI score0.01328EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/01 8:3 p.m.104 views

Important: Red Hat Security Advisory: Satellite Tools 6.10.5 Async Bug Fix Update

Updated Satellite 6.10 Tools packages that fix several bugs are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

9.8CVSS6.9AI score0.01328EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/06/01 8:3 p.m.3 views

puppet: silent configuration failure in agent

A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...

6.5CVSS5.7AI score0.01149EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/01 7:58 p.m.2 views

puppet: unsafe HTTP redirect

An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive...

9.8CVSS5.8AI score0.01328EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/01 7:58 p.m.3 views

puppet: silent configuration failure in agent

A configuration flaw was found in Puppet Agent where the agent silently ignores Augeas settings. This flaw allows a network attacker to cause a denial of service before the first pluginsync. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availabilit...

6.5CVSS5.7AI score0.01149EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/01 7:58 p.m.87 views

Important: Red Hat Security Advisory: Satellite Tools 6.9.9 Async Bug Fix Update

Updated Satellite 6.9 Tools packages that fix several bugs are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.9AI score0.01328EPSS
Exploits0References3
Rows per page
Query Builder