Latest Vulnerabilities Affecting Puppetlabs products

Date	CVE	Title	CVSS
2018-05-08	CVE-2018-6510	Cross-Site Scripting (XSS) vulnerability in Puppetlabs Puppet 2017.3	Low
2018-05-08	CVE-2018-6511	Cross-Site Scripting (XSS) vulnerability in Puppetlabs Puppet 2017.3	Low
2017-10-18	CVE-2016-5714	Improper Access Control vulnerability in Puppetlabs Puppet Agent and Puppet Enterprise	Medium
2017-08-09	CVE-2016-5716	Format String Vulnerability vulnerability in Puppetlabs Puppet Enterprise	Medium
2017-06-30	CVE-2017-2298	Input Validation vulnerability in Puppetlabs Mcollective Sshkey Security 0.5.0	Medium
2017-03-03	CVE-2017-2290	Permissions, Privileges, and Access Control vulnerability in Puppetlabs Mcollective Puppet Agent 1.12.0	High
2017-02-13	CVE-2016-2787	Improper Access Control vulnerability in Puppetlabs Puppet Enterprise 2015.3/2015.3.2	Medium
2017-02-13	CVE-2016-2788	Improper Access Control vulnerability in Puppet and Puppetlabs products	High
2017-02-08	CVE-2016-9686	Input Validation vulnerability in Puppetlabs Puppet Enterprise 2016.4.0/2016.4.2/2016.5.1	Medium
2017-01-30	CVE-2015-7331	Security Features vulnerability in Puppetlabs Mcollective Puppet Agent 1.11.0	Medium
2016-06-10	CVE-2016-2785	Improper Access Control vulnerability in Puppetlabs Puppet, puppet agent and puppet server	High
2016-06-10	CVE-2016-2786	Input Validation vulnerability in Puppetlabs Puppet Agent and Puppet Enterprise	High
2016-01-08	CVE-2015-7328	Information Leak / Disclosure vulnerability in Puppetlabs Puppet Enterprise	Low
2015-02-23	CVE-2015-1426	Information Leak / Disclosure vulnerability in Puppetlabs Facter	Low
2015-02-03	CVE-2014-9568	Information Leak / Disclosure vulnerability in Puppetlabs Rabbitmq 3.0.0/3.1.0/4.0.0	Low

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.