Vulnerabilities > Puppet > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-07-13 | CVE-2017-7529
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, resulting in a leak of potentially sensitive information triggered by a specially crafted request.
Attack vector: network
Complexity: low
Tags: f5, puppet, apple
Risk: 7.5

2017-07-05 | CVE-2017-2295 | Deserialization of Untrusted Data vulnerability in multiple products
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format.
Attack vector: network
Complexity: high
Tags: puppet, debian, CWE-502
Risk: 8.2

2017-07-05 | CVE-2017-2294 | Information Exposure vulnerability in Puppet Enterprise
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB.
Attack vector: network
Complexity: low
Tags: puppet, CWE-200
Risk: 7.5

2017-03-03 | CVE-2017-2290 | Incorrect Permission Assignment for Critical Resource vulnerability in Puppet Mcollective-Puppet-Agent 1.12.0
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco puppet" run.
Attack vector: network
Complexity: low
Tags: puppet, CWE-732
Risk: 8.8

2016-04-11 | CVE-2015-7330 | 7PK - Security Features vulnerability in Puppet Enterprise 2015.3.0
Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
Attack vector: network
Complexity: low
Tags: puppet, CWE-254
Risk: 8.8