CVE-2014-3248

CVE-2014-3248 documents an untrusted search path vulnerability affecting Puppet-related components. Affected software includes Puppet Enterprise 2.8 (before 2.8.7), Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, runn...

CVE-2015-1426

CVE-2015-1426 affects Puppet Labs Facter 1.6.0 through 2.4.0. The vulnerability allows local users to obtain sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node. The connected documents corroborate this issue across multiple sources (OSV, CNVD, NVD, GN advisories)....