Vulnerabilities > Puppet > Puppet Enterprise > 2016.4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-08 | CVE-2018-6511 | Cross-site Scripting vulnerability in Puppet Enterprise A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. | 5.4 |
| 2018-05-08 | CVE-2018-6510 | Cross-site Scripting vulnerability in Puppet Enterprise A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. | 5.4 |
| 2018-02-09 | CVE-2017-10690 | Improper Privilege Management vulnerability in multiple products In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. | 6.5 |
| 2018-02-09 | CVE-2017-10689 | Improper Privilege Management vulnerability in multiple products In previous versions of Puppet Agent it was possible to install a module with world writable permissions. | 5.5 |
| 2017-07-13 | CVE-2017-7529 | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. | 7.5 |