CVE-2014-0175
mcollective has a default password set at install
9.8CVSS
9.5AI Score
0.005EPSS
CVE-2016-2788
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
9.6AI Score
0.017EPSS