| CVE-2016-2785 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveragin… |
| CVE-2012-1989 |
low |
— |
3.6 |
|
|
|
9y ago |
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connect… |
| CVE-2012-3865 |
low |
— |
3.5 |
|
|
|
9y ago |
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remot… |
| CVE-2010-0156 |
low |
— |
3.3 |
|
|
|
4y ago |
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or… |
| CVE-2012-1906 |
low |
— |
3.3 |
|
|
|
14y ago |
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from … |
| CVE-2012-3408 |
low |
— |
2.6 |
|
|
|
9y ago |
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote att… |
| CVE-2012-3866 |
low |
— |
2.1 |
|
|
|
9y ago |
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration in… |
