Download
| Alert*
oval:org.secpod.oval:def:10650
The host is installed with Puppet 2.7.x before 2.7.21 or 3.1.x before 3.1.1 and is prone to SSL Protocol downgrade vulnerability. A flaw is present in the application, which fails to properly negotiate the SSL protocol between client and master. Successful exploitation allows remote attackers to con ... oval:org.secpod.oval:def:10651 The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or and is prone to arbitrary code-execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTTP request. Successful exploitation allows remote authenticated users to execu ... oval:org.secpod.oval:def:10652 The host is installed with Puppet 2.6 before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 and is prone to security-bypass vulnerability. A flaw is present in the application, which fails to handle certain security restrictions. Successful exploitation allows remote authenticated users with a va ... oval:org.secpod.oval:def:10642 The host is installed with Puppet 2.6.x before 2.6.18, 2.7.x before 2.7.21, 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to handle the default configuration for puppet maste ... oval:org.secpod.oval:def:10644 The host is installed with Puppet 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise 2.7.x before 2.7.2 and is prone to SSL Protocol downgrade vulnerability. A flaw is present in the application, which fails to properly negotiate the SSL protocol between client and master. Successful exp ... oval:org.secpod.oval:def:10645 The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to arbitrary code-execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTTP request. Successful ex ... oval:org.secpod.oval:def:10646 The host is installed with Puppet 2.6 before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to security-bypass vulnerability. A flaw is present in the application, which fails to handle certain security restrictions. Successful ... oval:org.secpod.oval:def:10647 The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted catalog request. Successful ex ... oval:org.secpod.oval:def:10648 The host is installed with Puppet 2.x before 2.6.18, 2.7.x before 2.7.21, 3.1.x before 3.1.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to handle the default configuration for puppet masters. Successful exploitation allows remote authenticated no ... oval:org.secpod.oval:def:1600311 The template and inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request. oval:org.secpod.oval:def:10653 The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted catalog request. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:106367 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:106344 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:1600282 Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. oval:org.secpod.oval:def:1600289 Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited ut ... oval:org.secpod.oval:def:601181 An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. oval:org.secpod.oval:def:601063 It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master. oval:org.secpod.oval:def:1600199 Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. oval:org.secpod.oval:def:600986 Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. CVE-2013-1640 An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the `temp ... oval:org.secpod.oval:def:600847 Several security vulnerabilities have been found in Puppet, a centralized configuration management: CVE-2012-3864 Authenticated clients could read arbitrary files on the puppet master. CVE-2012-3865 Authenticated clients could delete arbitrary files on the puppet master. CVE-2012-3866 The report of ... oval:org.secpod.oval:def:601199 The fix for CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource. The oldstable distribution is not affected by this regression. For the stable distribution , this problem has been fixed in version 2.7.23-1~deb7u3. For the testing distribution ... oval:org.secpod.oval:def:601110 Several vulnerabilities were discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4761 The "resource_type" service could be used to make puppet load arbitrary Ruby code from puppet master"s ... oval:org.secpod.oval:def:114176 Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ... oval:org.secpod.oval:def:2001383 In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. |