Puppet Server/PuppetDB - Sensitive Information Disclosure
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...
EUVD-2021-13792
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-27021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. CVE-2021-27021 Not...
Linux Distros Unpatched Vulnerability : CVE-2020-7943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like...
Linux Distros Unpatched Vulnerability : CVE-2021-27019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuppetDB logging included potentially sensitive system information. CVE-2021-27019 Note that Nessus relies on the presence of the package as reported by the...
CVE-2021-27019
PuppetDB logging included potentially sensitive system information...
Advisory ROSA-SA-2024-2329
software: puppet 7.25.0 OS: ROSA-CHROME packageevrstring: puppet-7.25.0-1.src.rpm CVE-ID: CVE-2021-27021 BDU-ID: 2022-01884 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PuppetDB database management system is related to the failure to take measures to protect the SQL query structure...
Advisory ROSA-SA-2023-2297
software: puppet 7.25.0 OS: ROSA-CHROME packageevrstring: puppet-7.25.0-1.src.rpm CVE-ID: CVE-2021-27021 BDU-ID: 2022-01884 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PuppetDB database management system is related to the failure to take measures to protect the SQL query structure...
Debian: Security Advisory (DLA-3647-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3647-1] trapperkeeper-webserver-jetty9-clojure
Debian LTS Advisory DLA-3647-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 07, 2023 https://wiki.debian.org/LTS Package : trapperkeeper-webserver-jetty9-clojure Version : 1.7.0-2+deb10u2 Debian Bug : 1055348 The recent update of jetty9, released as DL...
SUSE CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
Privilege Escalation
puppetdb is vulnerable to privilege escalation. The vulnerability exists due to the lack of input query validation in the library, allowing an attacker to delete user tables via a malicious SQL query...
Information Disclosure
puppetdb is vulnerable to information disclosure. The vulnerability exists due to information exposure through log files, which allows an attacker to gain access to sensitive information...
FreeBSD : puppetdb -- Potential SQL injection (aeb4c85b-3600-11ed-b52d-589cfc007716)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the aeb4c85b-3600-11ed-b52d-589cfc007716 advisory. - PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database usin...
DEBIAN-CVE-2021-27019
PuppetDB logging included potentially sensitive system information...
Information disclosure
PuppetDB logging included potentially sensitive system information...
UBUNTU-CVE-2021-27019
PuppetDB logging included potentially sensitive system information...