CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7331
https://notcve.org/view.php?id=CVE-2015-7331
30 Jan 2017 — The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. El plugin mcollective-puppet-agent en versiones anteriores a 1.11.1 para Puppet permite a atacantes remotos ejecutar código arbitrario a través de vectores que implican el argumento --server. • http://www.securityfocus.com/bid/92432 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3251 – Gentoo Linux Security Advisory 201412-15
https://notcve.org/view.php?id=CVE-2014-3251
12 Aug 2014 — The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition. El plugin MCollective aes_security, utilizado en Puppet Enterprise anterior a 3.3.0 y Mcollective anterior a 2.5.3, no valida debidamente los certificados de servidores nuevos basado en el certif... • http://puppetlabs.com/security/cve/cve-2014-3251 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •