oval:org.secpod.oval:def:6023
The host is installed with Puppet 2.6.x before 2.6.15 or 2.7.x before 2.7.13 and is prone to symlink attack. A flaw is present in the application, which fails to handle insecure creation of temporary files. Successful exploitation allows attackers to overwrite arbitrary files or install arbitrary pa ...

oval:org.secpod.oval:def:6022
The host is installed with Puppet 2.6.x before 2.6.14 or 2.7.x before 2.7.11 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused by the improper dropping of group permissions when a process is forked. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:6021
The host is installed with Puppet 2.6.x before 2.6.14 or 2.7.x before 2.7.11 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle k5login type. Successful exploitation allows attackers to gain privileges via a symlink attack on .k5l ...

oval:org.secpod.oval:def:6020
The host is installed with Puppet 2.6.x before 2.6.15 or 2.7.x before 2.7.13 and is prone to symlink attack. A flaw is present in the applications, which fail to properly handle REST requests for a file from a remote filebucket. Successful exploitation allows attackers with an authorized SSL key and ...

oval:org.secpod.oval:def:1600311
The template and inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allow remote authenticated users to execute arbitrary code via a crafted catalog request.

oval:org.secpod.oval:def:10650
The host is installed with Puppet 2.7.x before 2.7.21 or 3.1.x before 3.1.1 and is prone to SSL Protocol downgrade vulnerability. A flaw is present in the application, which fails to properly negotiate the SSL protocol between client and master. Successful exploitation allows remote attackers to con ...

oval:org.secpod.oval:def:10651
The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 and is prone to arbitrary code-execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTTP request. Successful exploitation allows remote authenticated users to execu ...

oval:org.secpod.oval:def:10652
The host is installed with Puppet 2.6 before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 and is prone to security-bypass vulnerability. A flaw is present in the application, which fails to handle certain security restrictions. Successful exploitation allows remote authenticated users with a va ...

oval:org.secpod.oval:def:5917
The host is installed with Puppet 2.6.x before 2.6.14 or 2.7.x before 2.7.11 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused by the improper dropping of group permissions when a process is forked. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:5916
The host is installed with Puppet 2.6.x before 2.6.14 or 2.7.x before 2.7.11 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle k5login type. Successful exploitation allows attackers to gain privileges via a symlink attack on .k5l ...

oval:org.secpod.oval:def:5915
The host is installed with Puppet 2.6.x before 2.6.15 or 2.7.x before 2.7.13 or Puppet Enterprise 2.5.0 and is prone to symlink attack. A flaw is present in the applications, which fail to properly handle REST requests for a file from a remote filebucket. Successful exploitation allows attackers with ...

oval:org.secpod.oval:def:5914
The host is installed with Puppet 2.6.x before 2.6.15 or 2.7.x before 2.7.13 or Puppet Enterprise 2.5.0 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle REST requests. Successful exploitation allows attackers with agent SSL keys to ...

oval:org.secpod.oval:def:10642
The host is installed with Puppet 2.6.x before 2.6.18, 2.7.x before 2.7.21, 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to handle the default configuration for puppet maste ...

oval:org.secpod.oval:def:10644
The host is installed with Puppet 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise 2.7.x before 2.7.2 and is prone to SSL Protocol downgrade vulnerability. A flaw is present in the application, which fails to properly negotiate the SSL protocol between client and master. Successful exp ...

oval:org.secpod.oval:def:10645
The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to arbitrary code-execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTTP request. Successful ex ...

oval:org.secpod.oval:def:10646
The host is installed with Puppet 2.6 before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to security-bypass vulnerability. A flaw is present in the application, which fails to handle certain security restrictions. Successful ...

oval:org.secpod.oval:def:10647
The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 or Puppet Enterprise before 1.2.7 or 2.7.x before 2.7.2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted catalog request. Successful ex ...

oval:org.secpod.oval:def:10648
The host is installed with Puppet 2.x before 2.6.18, 2.7.x before 2.7.21, 3.1.x before 3.1.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to handle the default configuration for puppet masters. Successful exploitation allows remote authenticated no ...

oval:org.secpod.oval:def:6019
The host is installed with Puppet 2.6.x before 2.6.15 or 2.7.x before 2.7.13 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle REST requests. Successful exploitation allows attackers with agent SSL keys to corrupt the memory or file ...

oval:org.secpod.oval:def:10653
The host is installed with Puppet before 2.6.18, 2.7.x before 2.7.21 or 3.1.x before 3.1.1 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted catalog request. Successful exploitation allows attackers to execute arbitrary code.

oval:org.secpod.oval:def:106344
Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ...

oval:org.secpod.oval:def:106367
Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ...

oval:org.secpod.oval:def:600679
Multiple security issues have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-3848 Kristian Erik Hermansen reported that an unauthenticated directory traversal could drop any valid ...

oval:org.secpod.oval:def:1600282
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

oval:org.secpod.oval:def:1600289
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited ut ...

oval:org.secpod.oval:def:1600199
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

oval:org.secpod.oval:def:600742
Two vulnerabilities were discovered in Puppet, a centralized configuration management tool. CVE-2012-1053 Puppet runs execs with unintended group privileges, potentially leading to privilege escalation. CVE-2012-1054 The k5login type writes to untrusted locations, enabling local users to escalate ...

oval:org.secpod.oval:def:600986
Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. CVE-2013-1640 An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the `temp ...

oval:org.secpod.oval:def:600664
It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the "certdnsnames" option was used. This could lead to man-in-the-middle attacks.

oval:org.secpod.oval:def:601199
The fix for CVE-2013-4969 contained a regression affecting the default file mode if none is specified on a file resource. The oldstable distribution is not affected by this regression. For the stable distribution, this problem has been fixed in version 2.7.23-1~deb7u3. For the testing distribution ...

oval:org.secpod.oval:def:601110
Several vulnerabilities were discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4761 The "resource_type" service could be used to make puppet load arbitrary Ruby code from puppet master's ...

oval:org.secpod.oval:def:601181
An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system.

oval:org.secpod.oval:def:601063
It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master.

oval:org.secpod.oval:def:600847
Several security vulnerabilities have been found in Puppet, a centralized configuration management: CVE-2012-3864 Authenticated clients could read arbitrary files on the puppet master. CVE-2012-3865 Authenticated clients could delete arbitrary files on the puppet master. CVE-2012-3866 The report of ...

oval:org.secpod.oval:def:2001383
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

oval:org.secpod.oval:def:114176
Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and fi ...

oval:org.secpod.oval:def:600777
Several vulnerabilities have been discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-1906 Puppet is using predictable temporary file names when downloading Mac OS X package files. This allo ...

oval:org.secpod.oval:def:5913
The host is installed with Puppet 2.6.x before 2.6.15 or 2.7.x before 2.7.13 or Puppet Enterprise 2.5.0 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly handle file bucket requests. Successful exploitation allows attackers with age ...

oval:org.secpod.oval:def:6018
The host is installed with Puppet 2.6.x before 2.6.15 or 2.7.x before 2.7.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly handle file bucket requests. Successful exploitation allows attackers with agent SSL keys and file-creati ...

CVE    29
CVE-2013-1640
CVE-2013-1653
CVE-2013-1652
CVE-2013-1655
...
*CPE
cpe:/a:puppetlabs:puppet:2.7.1

© SecPod Technologies