Page 9 of 45 results (0.029 seconds)

CVSS: 3.7EPSS: 0%CPEs: 28EXPL: 0

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. Puppet Module Tool (PMT), usado en Puppet 2.7.x anterior a 2.7.23 y 3.2.x anterior a 3.2.4, y Puppet Enterprise 2.8.x anterior a 2.8.3 y 3.0.x anterior a 3.0.1, instala módulos con permisos débiles si estos son utilizados cuando los módulos se construyen inicialmente, lo que podría permitir a usuarios locales leer o modificar dichos módulos dependiendo de los permisos originales. • http://puppetlabs.com/security/cve/cve-2013-4956 http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://www.debian.org/security/2013/dsa-2761 https://access.redhat.com/security/cve/CVE-2013-4956 https://bugzilla.redhat.com/show_bug.cgi?id=996855 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 22%CPEs: 41EXPL: 0

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Puppet 2.7.x anterior a 2.7.22 y 3.2.x anterior a 3.2.2, y Puppet Enterprise anterior a 2.8.2, deserializa YAML sin confianza, lo que permite a atacantes remotos la instanciación de clases de Ruby y ejecutar código arbitrario a través de una llamada RESTAPI manipulada. • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1283.html http://rhn.redhat.com/errata/RHSA-2013-1284.html http://secunia.com/advisories/54429 http://www.debian.org/security/2013/dsa-2715 http://www.ubuntu.com/usn/USN-1886-1 https://puppetlabs.com/security/cve/cve-2013-3567 https://access.redhat.com/security/cve/CVE-2013-3567 https& • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 7.1EPSS: 1%CPEs: 37EXPL: 0

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2, cuando la espera de conexiones entrantes está activado y permiten el acceso al REST "run", permiten a usuarios remotos autenticados ejecutar código arbitrario a través de un solicitud HTTP especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58446 https://puppetlabs.com/security/cve/cve-2013-1653 •

CVSS: 4.0EPSS: 0%CPEs: 46EXPL: 0

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors. La configuración por defecto para puppet masters v0.25.0 y posteriores en Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21 y v3.1.x anterior a 3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2, permite a los nodos remotos autenticados enviar informes para otros nodos a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58449 https://puppetlabs.com/security/cve/cve-2013-2275 https://access.redhat.com/security/cve/CVE-2013-2275 https://bugzilla.redhat.com& •

CVSS: 4.9EPSS: 0%CPEs: 29EXPL: 0

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. Puppet anterior a v2.6.18, v2.7.x anterior a v2.7.21, y v3.1.x anterior a v3.1.1, y Puppet Enterprise anterior a v1.2.7 y v2.7.x anterior a v2.7.2 permite a usuarios remotos autenticados con un certificado válido y una clave privada leer catalogs arbitrarios o envenenar la caché del maestro a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html http://rhn.redhat.com/errata/RHSA-2013-0710.html http://secunia.com/advisories/52596 http://ubuntu.com/usn/usn-1759-1 http://www.debian.org/security/2013/dsa-2643 http://www.securityfocus.com/bid/58443 https://puppetlabs.com/security/cve/cve-2013-1652 https://access.redhat.com/security/cve/CVE-2013-1652 https://bugzilla.redhat.com& • CWE-264: Permissions, Privileges, and Access Controls •