pkg:Debian/puppet

All known vulnerabilities

• CRITICAL9.8CVE-2016-5713Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables t…
  from 0, < 4.7.0-1
• HIGH8.2CVE-2017-2295puppet - security update
  from 0, < 2.7.23-1~deb7u4
• HIGH8.2CVE-2017-2295puppet - security update
  from 0, < 4.8.2-5
• HIGH8.2puppet - security update
  from 0, < 3.7.2-4+deb8u1
• HIGH7.2Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whiteli…
  from 0, < 4.8.0-1
• MEDIUM6.5Silent Configuration Failure in Puppet Agent
  from 0
• MEDIUM6.5Unsafe HTTP Redirect in Puppet Agent and Puppet Server
  from 0
• MEDIUM6.5Improper Certificate Validation in Puppet
  from 0
• MEDIUM6.5The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote a…
  from 0, < 3.7.0-1
• MEDIUM5.5Tarball permission preservation in puppet
  from 0, < 5.4.0-1
• —Puppet does not properly restrict access to node resources
  from 0, < 2.6.2-3
• —Puppet uses predictable filenames, allowing arbitrary file overwrite
  from 0, < 2.7.3-3
• —Puppet arbitrary file overwrite
  from 0, < 2.7.3-3
• —Puppet allows local users to modify the permissions of arbitrary files
  from 0, < 2.7.3-3
• —Puppet Denial of Service and Arbitrary File Write
  from 0, < 2.7.13-1
• —puppet - several
  from 0, < 2.7.13-1
• —Puppet Arbitrary Command Execution
  from 0, < 2.7.13-1
• —puppet - several
  from 0, < 2.6.2-5+squeeze5
• —puppet - several
  from 0, < 2.6.2-5+squeeze4
• —puppet - several
  from 0, < 2.7.11-1
• —Puppet arbitrary files overwrite via a symlink attack
  from 0, < 0.25.4-2
• —Puppet supports use of IP addresses in certnames without warning of potential risks
  from 0, < 2.7.18-1
• —Puppet allows local users to overwrite arbitrary files via a symlink attack
  from 0, < 2.7.13-1
• —puppet - several
  from 0, < 3.2.4-1
• —puppet - code execution
  from 0, < 2.6.2-5+squeeze8
• —puppet - several
  from 0, < 2.7.23-1~deb7u1
• —Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
  from 0, < 2.7.18-1
• —Puppet allows local users to obtain sensitive configuration information
  from 0, < 2.7.18-1
• —puppet - code execution
  from 0, < 3.2.2-1
• —Puppet vulnerable to Path Traversal
  from 0, < 2.7.18-1
• —Puppet Improper Input Validation vulnerability
  from 0, < 2.7.18-3
• —facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
  from 0, < 3.7.0-1
• —puppet - insecure temporary files
  from 0, < 2.6.2-5+squeeze9
• —puppet - insecure temporary files
  from 0, < 3.4.1-1
• —Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x…
  from 0, < 3.2.4-1
• —puppet - security update
  from 0, < 2.6.4-2
• —puppet - security update
  from 0, < 2.6.2-5+squeeze10
• —The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Pup…
  from 0, < 2.7.18-3
• —Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the pupp…
  from 0, < 2.7-1
• —Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol b…
  from 0, < 2.7.18-3
• —Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listenin…
  from 0, < 2.7.18-3
• —Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote…
  from 0, < 2.7.18-3
• —puppet - several issues
  from 0, < 2.6.2-5+squeeze7
• —puppet - several issues
  from 0, < 2.7.18-3
• —puppet - several
  from 0, < 2.7.18-1
• —puppet - several
  from 0, < 2.6.2-5+squeeze6
• —Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows…
  from 0, < 2.7.13-1
• —Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a u…
  from 0, < 2.7.11-1
• —puppet - programming error
  from 0, < 2.7.6-1
• —puppet - programming error
  from 0, < 0.24.5-3+lenny2
• —puppet - several
  from 0, < 2.7.3-2
• —puppet - several
  from 0, < 2.6.2-5+squeeze1
• —puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to a…
  from 0, < 0.25.1-3