96 matches found
Linux Distros Unpatched Vulnerability : CVE-2013-0266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable...
EUVD-2015-7156
Malware in sbrugna...
EUVD-2017-11482
Malware in sbrugna...
EUVD-2022-42672
Malicious code in bioql PyPI...
EUVD-2022-42673
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-2299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the sslca parameter...
Linux Distros Unpatched Vulnerability : CVE-2022-3275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able...
Linux Distros Unpatched Vulnerability : CVE-2022-3276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are...
MAL-2025-1171 Malicious code in puppetlabs-apt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3d7b24d31b73020af01d32ac4c79293dde10b8c8994012a9e685ae70f788d3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in puppetlabs-apt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d3d7b24d31b73020af01d32ac4c79293dde10b8c8994012a9e685ae70f788d3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Command Injection
Puppetlabs-apt is vulnerable to Command Injection. This vulnerability can be exploited by an attacke by providing unsanitized input to the module which can lead to command injection...
SUSE CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...
Fedora 36 : wireshark (2022-1f2fbb087e)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1f2fbb087e advisory. New version 3.6.10 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Puppetlabs-mysql: Command Injection in the puppetlabs-mysql module
A flaw was in the puppetlabs-mysql module, where a Command injection can occur. This flaw allows a malicious actor to provide unsanitized input to the module...
Puppet puppetlabs-apt module command injection vulnerability
Puppet is a client/server C/S architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. T...
Puppet command injection vulnerability
Puppet is a set of client/server C/S architecture-based configuration management tools from Puppet Labs in the United States, which can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in puppet puppetlabs-mysql...
DEBIAN-CVE-2022-3276
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...
CVE-2022-3276
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...