pkg:Debian/puppet

53 total CVEsCRITICAL1HIGH4MEDIUM5

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2016-5713Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables t…
    from 0, < 4.7.0-1
  • HIGH8.2CVE-2017-2295puppet - security update
    from 0, < 2.7.23-1~deb7u4
  • HIGH8.2CVE-2017-2295puppet - security update
    from 0, < 4.8.2-5
  • HIGH8.2CVE-2017-2295puppet - security update
    from 0, < 3.7.2-4+deb8u1
  • HIGH7.2CVE-2016-5714Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whiteli…
    from 0, < 4.8.0-1
  • MEDIUM6.5CVE-2021-27025Silent Configuration Failure in Puppet Agent
    from 0
  • MEDIUM6.5CVE-2021-27023Unsafe HTTP Redirect in Puppet Agent and Puppet Server
    from 0
  • MEDIUM6.5CVE-2020-7942Improper Certificate Validation in Puppet
    from 0
  • MEDIUM6.5CVE-2014-3250The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote a…
    from 0, < 3.7.0-1
  • MEDIUM5.5CVE-2017-10689Tarball permission preservation in puppet
    from 0, < 5.4.0-1
  • CVE-2011-0528Puppet does not properly restrict access to node resources
    from 0, < 2.6.2-3
  • CVE-2011-3871Puppet uses predictable filenames, allowing arbitrary file overwrite
    from 0, < 2.7.3-3
  • CVE-2011-3869Puppet arbitrary file overwrite
    from 0, < 2.7.3-3
  • CVE-2011-3870Puppet allows local users to modify the permissions of arbitrary files
    from 0, < 2.7.3-3
  • CVE-2012-1987Puppet Denial of Service and Arbitrary File Write
    from 0, < 2.7.13-1
  • CVE-2012-1906puppet - several
    from 0, < 2.7.13-1
  • CVE-2012-1988Puppet Arbitrary Command Execution
    from 0, < 2.7.13-1
  • CVE-2012-1906puppet - several
    from 0, < 2.6.2-5+squeeze5
  • CVE-2012-1053puppet - several
    from 0, < 2.6.2-5+squeeze4
  • CVE-2012-1053puppet - several
    from 0, < 2.7.11-1
  • CVE-2010-0156Puppet arbitrary files overwrite via a symlink attack
    from 0, < 0.25.4-2
  • CVE-2012-3408Puppet supports use of IP addresses in certnames without warning of potential risks
    from 0, < 2.7.18-1
  • CVE-2012-1989Puppet allows local users to overwrite arbitrary files via a symlink attack
    from 0, < 2.7.13-1
  • CVE-2013-4761puppet - several
    from 0, < 3.2.4-1
  • CVE-2013-3567puppet - code execution
    from 0, < 2.6.2-5+squeeze8
  • CVE-2013-4761puppet - several
    from 0, < 2.7.23-1~deb7u1
  • CVE-2012-3867Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
    from 0, < 2.7.18-1
  • CVE-2012-3866Puppet allows local users to obtain sensitive configuration information
    from 0, < 2.7.18-1
  • CVE-2013-3567puppet - code execution
    from 0, < 3.2.2-1
  • CVE-2012-3865Puppet vulnerable to Path Traversal
    from 0, < 2.7.18-1
  • CVE-2013-1655Puppet Improper Input Validation vulnerability
    from 0, < 2.7.18-3
  • CVE-2014-3248facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
    from 0, < 3.7.0-1
  • CVE-2013-4969puppet - insecure temporary files
    from 0, < 2.6.2-5+squeeze9
  • CVE-2013-4969puppet - insecure temporary files
    from 0, < 3.4.1-1
  • CVE-2013-4956Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x…
    from 0, < 3.2.4-1
  • CVE-2012-6120puppet - security update
    from 0, < 2.6.4-2
  • CVE-2012-6120puppet - security update
    from 0, < 2.6.2-5+squeeze10
  • CVE-2013-2275The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Pup…
    from 0, < 2.7.18-3
  • CVE-2013-2274Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the pupp…
    from 0, < 2.7-1
  • CVE-2013-1654Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol b…
    from 0, < 2.7.18-3
  • CVE-2013-1653Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listenin…
    from 0, < 2.7.18-3
  • CVE-2013-1652Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote…
    from 0, < 2.7.18-3
  • CVE-2013-1640puppet - several issues
    from 0, < 2.6.2-5+squeeze7
  • CVE-2013-1640puppet - several issues
    from 0, < 2.7.18-3
  • CVE-2012-3864puppet - several
    from 0, < 2.7.18-1
  • CVE-2012-3864puppet - several
    from 0, < 2.6.2-5+squeeze6
  • CVE-2012-1986Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows…
    from 0, < 2.7.13-1
  • CVE-2012-1054Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a u…
    from 0, < 2.7.11-1
  • CVE-2011-3872puppet - programming error
    from 0, < 2.7.6-1
  • CVE-2011-3872puppet - programming error
    from 0, < 0.24.5-3+lenny2
  • CVE-2011-3848puppet - several
    from 0, < 2.7.3-2
  • CVE-2011-3848puppet - several
    from 0, < 2.6.2-5+squeeze1
  • CVE-2009-3564puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to a…
    from 0, < 0.25.1-3