CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6502
https://notcve.org/view.php?id=CVE-2015-6502
11 Dec 2017 — Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. Vulnerabilidad Cross-Site Scripting (XSS) en la consola en Puppet Enterprise en versiones anteriores a la 2015.2.1 permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro string. Esto se relaciona con Login Redirect. • https://puppet.com/security/cve/CVE-2015-6502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8470
https://notcve.org/view.php?id=CVE-2015-8470
11 Dec 2017 — The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. La consola en Puppet Enterprise 3.7.x, 3.8.x y 2015.2.x no establece la marca secure para la cookie JSESSIONID en una sesión HTTPS. Esto facilita que atacantes remotos capturen esta cookie interceptando su transmisión en una sesión HTTP. • https://puppet.com/security/cve/CVE-2015-8470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3250
https://notcve.org/view.php?id=CVE-2014-3250
11 Dec 2017 — The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. El archivo de configuración vhost por defecto en Puppet en versiones anteriores a la 3.6.2 no incluye la directiva SSLCARevocationCheck. Esto podría permitir que atacantes remotos obtengan información sensible mediante un certificado revocado cuando un Puppet mas... • https://bugzilla.redhat.com/show_bug.cgi?id=1101347 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5713
https://notcve.org/view.php?id=CVE-2016-5713
06 Dec 2017 — Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0. Las versiones de Puppet Agent anteriores a la 1.6.0 incluían una versión del agente Puppet Execution Protocol (PXP) que pasaba variables del entorno a ejecuciones Puppet. Esto podría permitir la carga de código no autorizado. • https://puppet.com/security/cve/cve-2016-5713 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 1%CPEs: 6EXPL: 0CVE-2016-5714 – Gentoo Linux Security Advisory 201710-12
https://notcve.org/view.php?id=CVE-2016-5714
13 Oct 2017 — Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." Puppet Enterprise 2015.3.3 y 2016.x en versiones anteriores a la 2016.4.0 y Puppet Agent 1.3.6 hasta la versión 1.7.0 permite que atacantes remotos omitan un mecanismo de protección... • https://bugs.gentoo.org/597684 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2017-2299
https://notcve.org/view.php?id=CVE-2017-2299
15 Sep 2017 — Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. Las versiones del módulo puppetlabs-apache anteriores a 1.11.1 y 2.1.0 hacen que sea muy sencillo configurar de forma incorrecta las r... • http://www.securityfocus.com/bid/100859 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 0CVE-2016-5716
https://notcve.org/view.php?id=CVE-2016-5716
09 Aug 2017 — The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. La consola en Puppet Enterprise en versiones 2015.x y 2016.x anteriores a la versión 2016.4.0 incluye lecturas de strings no seguros que podrían permitir que se ejecutase código de forma remota en el nodo de la consola. • https://puppet.com/security/cve/pe-console-oct-2016 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 92%CPEs: 6EXPL: 15CVE-2017-7529 – nginx: Integer overflow in nginx range filter module leading to memory disclosure
https://notcve.org/view.php?id=CVE-2017-7529
13 Jul 2017 — Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. Las versiones desde la 0.5.6 hasta 1.13.2 incluyéndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el módulo filtro de rango de nginx, resultando en un filtrado de información potencialmente confidencial activada por una petición especialmente cre... • https://github.com/liusec/CVE-2017-7529 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-2294
https://notcve.org/view.php?id=CVE-2017-2294
05 Jul 2017 — Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore. Las versiones de Puppet Enterprise anteriores a 2016.4.5 o 2017.2.1, no pudieron marcar las claves privadas del servidor MCollective como confidenciales (una funcionalidad agregada en Puppet versión 4.6), ya que los valores d... • https://puppet.com/security/cve/cve-2017-2294 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2017-2292 – Gentoo Linux Security Advisory 201709-01
https://notcve.org/view.php?id=CVE-2017-2292
30 Jun 2017 — Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior. YAML deserializado de las versiones anteriores a 2.10.4 de MCollective de agentes sin llamar a safe_load, permite la potencial ejecución de códig... • https://puppet.com/security/cve/cve-2017-2292 • CWE-502: Deserialization of Untrusted Data •