Page 12 of 75 results (0.007 seconds)

CVSS: 6.5EPSS: 1%CPEs: 19EXPL: 0

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report. Puppet v2.6.x anterior a v2.6.18 y Puppet Enterprise v1.2.x anterior a v1.2.7 permite a usuarios remotos autenticados ejecutar código arbitrario en el puppet master, o un agente con puppet kick habilitado, mediante una petición espcialmente diesñada para un report. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58447 https://puppetlabs.com/security/cve/cve-2013-2274 https://access.redhat.com/security/cve/CVE-2013-2274 https://bugzilla.redhat.com/show_bug.cgi?id=919773 •

CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors. Puppet v2.7.x anterior a v2.7.21 y v3.1.x anterior a v3.1.1, y Puppet Enterprise v2.7.x anterior a v2.7.2, no negocian correctamente el protocolo SSL entre el cliente y el master, lo que permite a atacantes remotos llevar a cabo ataques SSLv2 contra sesiones SSLv3 mediante vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/64758 https://puppetlabs.com/security/cve/cve-2013-1654 https://access.redhat.com/security/cve/CVE-2013-1654 https://bugzilla.redhat.com& •

CVSS: 7.5EPSS: 9%CPEs: 35EXPL: 0

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." Puppet v2.7.x anterior a v2.7.21 y 3.1.x anterior a v3.1.1, cuando ejecutan Ruby v1.9.3 o posterior, permite a atacantes remotos ejecutar código arbitario mediante vectores relacionados con "serialized attributes." • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58442 https://puppetlabs.com/security/cve/cve-2013-1655 • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 1%CPEs: 37EXPL: 0

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2, cuando la espera de conexiones entrantes está activado y permiten el acceso al REST "run", permiten a usuarios remotos autenticados ejecutar código arbitrario a través de un solicitud HTTP especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58446 https://puppetlabs.com/security/cve/cve-2013-1653 •

CVSS: 9.0EPSS: 2%CPEs: 9EXPL: 0

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request. La funciones (1) template y (2) inline_template en el servidor maestro en Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, permite a usuarios remotos autenticados ejecutar código arbitrario a través de una solicitud de catálogo especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 https://puppetlabs.com/security/cve/cve-2013-1640 https://access.redhat.com/security/cve/CVE-2013-1640 https://bugzilla.redhat.com/show_bug.cgi?id=919783 • CWE-502: Deserialization of Untrusted Data •