Page 6 of 55 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. Múltiples vulnerabilidades de XSS en Puppet Dashboard 1.0 anterior a 1.2.5 y Enterprise 1.0 anterior a 1.2.5 y 2.x anterior a 2.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de campos no especificados. • http://puppetlabs.com/security/cve/cve-2012-0891 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de CSRF en los componentes (1) gestión de solicitudes de nodo, (2) gestión viva y (3) administración de usuario en la consola en Puppet Enterprise (PE) anterior a 2.7.1 permiten a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • https://puppetlabs.com/security/cve/cve-2013-1399 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console. El script maestro de clasificación de nodo externo en Puppet Enterprise anterior a 3.2.0 no verifica la identidad de consolas, lo que permite a atacantes remotos crear clasificaciones arbitrarias en el maestro mediante la falsificación de una consola. • http://puppetlabs.com/security/cve/cve-2013-4966 http://www.securitytracker.com/id/1029873 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. Puppet Enterprise anterior a 3.2.0 no restringe debidamente acceso a Endpoints de nodo en la consola, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://puppetlabs.com/security/cve/cve-2013-4971 http://www.securitytracker.com/id/1029873 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type. El panel de informe en Puppet Enterprise anterior a la versión 3.0.1 permite a atacantes remotos ejecutar código arbitrario YAML a través de un tipo de informe específico. • http://osvdb.org/98639 http://puppetlabs.com/security/cve/cve-2013-4957 http://secunia.com/advisories/55362 https://exchange.xforce.ibmcloud.com/vulnerabilities/88089 • CWE-94: Improper Control of Generation of Code ('Code Injection') •