Filter
AND
-Infinity
0

Trending

Last week
Last month
Last year

Puppet EnterpriseA privilege escalation allowing remote code execution was discovered in the orchestration service.

critical
9.8
First published (updated )
CVE-2023-2530

Puppet EnterpriseBroken Session Management in Puppet Enterprise

critical
9.8
First published (updated )
CVE-2023-5309

Puppet Bolt- Privilege Escalation in Puppet Bolt

critical
9.8
First published (updated )
CVE-2023-5214

PuppetCode Injection

critical
9.8
First published (updated )
CVE-2016-5713

Puppet MCollectiveVersions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, all…

critical
9
First published (updated )
CVE-2017-2292

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Puppet EnterpriseWhen users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are …

critical
9.8
First published (updated )
CVE-2018-11749

PuppetThe (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7…

critical
9
First published (updated )
CVE-2013-1640

Red Hat OpenShiftmcollective has a default password set at install

critical
9.8
First published (updated )
CVE-2014-0175

Puppet Labs MySQLpuppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging c…

critical
9.8
First published (updated )
CVE-2015-7224

Puppet MCollectiveMCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to e…

critical
9.8
First published (updated )
CVE-2016-2788

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

PuppetPuppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent befo…

critical
9.8
First published (updated )
CVE-2016-2785

PuppetInput Validation

critical
9.8
First published (updated )
CVE-2016-2786

Puppet MCollectiveOn Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator…

critical
9
First published (updated )
CVE-2017-2290

Puppet DiscoveryPuppet Discovery can leak authentication information

critical
9.8
First published (updated )
CVE-2018-11746

Puppet DiscoveryPreviously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx conta…

critical
9.8
First published (updated )
CVE-2018-11747

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Puppet Razor ServerCode Injection

critical
9.8
First published (updated )
CVE-2018-6512

Puppet EnterpriseThe express install, which is the suggested way to install Puppet Enterprise, gives the user a URL a…

critical
9.8
First published (updated )
CVE-2019-10694

PuppetA flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credential…

critical
9.8
First published (updated )
CVE-2021-27023

Red Hat FedoraPuppetlabs-apt Command Injection

critical
9.8
First published (updated )
CVE-2022-3275

Puppet FirewallPuppet Firewall Module May Leave Unmanaged Rules

critical
9.8
First published (updated )
CVE-2022-0675

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203