| CVE-2013-1655 |
high |
— |
7.5 |
|
|
|
9y ago |
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." |
| CVE-2013-3567 |
high |
— |
7.5 |
|
|
|
9y ago |
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arb… |
| CVE-2012-1989 |
low |
— |
3.6 |
|
|
|
9y ago |
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connect… |
| CVE-2012-3865 |
low |
— |
3.5 |
|
|
|
9y ago |
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remot… |
| CVE-2010-0156 |
low |
— |
3.3 |
|
|
|
4y ago |
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or… |
| CVE-2012-1906 |
low |
— |
3.3 |
|
|
|
14y ago |
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from … |
| CVE-2012-3408 |
low |
— |
2.6 |
|
|
|
9y ago |
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote att… |
| CVE-2012-3866 |
low |
— |
2.1 |
|
|
|
9y ago |
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration in… |
