| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-2jc8-n1j4-m7c6 |
| vulnerability_id |
VCID-2jc8-n1j4-m7c6 |
| summary |
Puppet Privilege Escallation
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1053 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13389 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13348 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13551 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13489 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13372 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13418 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13453 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13479 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.1343 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1053 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.14 |
| purl |
pkg:gem/puppet@2.6.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.14 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.11 |
| purl |
pkg:gem/puppet@2.7.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.11 |
|
|
| aliases |
CVE-2012-1053, GHSA-77hg-g8cc-5r37
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| url |
VCID-3kma-3ffw-8qd9 |
| vulnerability_id |
VCID-3kma-3ffw-8qd9 |
| summary |
Improper Input Validation
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-3567 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91028 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91073 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91064 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91058 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91046 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91023 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91037 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-3567 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.22 |
| purl |
pkg:gem/puppet@2.7.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.22 |
|
| 1 |
| url |
pkg:gem/puppet@3.2.2 |
| purl |
pkg:gem/puppet@3.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.2.2 |
|
|
| aliases |
CVE-2013-3567, GHSA-f7p5-w2cr-7cp7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9 |
|
| 2 |
| url |
VCID-5g6u-uvej-xbad |
| vulnerability_id |
VCID-5g6u-uvej-xbad |
| summary |
Moderate severity vulnerability that affects puppet
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4761 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.7004 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70024 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69972 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69984 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69975 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69999 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70035 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70048 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70063 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4761 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.23 |
| purl |
pkg:gem/puppet@2.7.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.23 |
|
| 1 |
| url |
pkg:gem/puppet@3.2.4 |
| purl |
pkg:gem/puppet@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.2.4 |
|
|
| aliases |
CVE-2013-4761, GHSA-cj43-9h3w-v976
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad |
|
| 3 |
| url |
VCID-5qhd-8wfe-27dy |
| vulnerability_id |
VCID-5qhd-8wfe-27dy |
| summary |
Puppet does not properly restrict access to node resources
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0528 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50016 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49966 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50003 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50031 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49982 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50037 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50029 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50047 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.5002 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0528 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0528, GHSA-9pvx-fwwh-w289
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhd-8wfe-27dy |
|
| 4 |
| url |
VCID-75gs-2gu3-6udx |
| vulnerability_id |
VCID-75gs-2gu3-6udx |
| summary |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3865 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78737 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78719 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78705 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78679 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78711 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78712 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84174 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84205 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84187 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3865 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.17 |
| purl |
pkg:gem/puppet@2.6.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 7 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 8 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 9 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 10 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 11 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 12 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 13 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 14 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 15 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 16 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.17 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.18 |
| purl |
pkg:gem/puppet@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18 |
|
|
| aliases |
CVE-2012-3865, GHSA-g89m-3wjw-h857
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx |
|
| 5 |
| url |
VCID-7ypq-wmb7-quhc |
| vulnerability_id |
VCID-7ypq-wmb7-quhc |
| summary |
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3248 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37274 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37243 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37409 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37433 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37261 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37312 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37325 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37336 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37302 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3248 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.26 |
| purl |
pkg:gem/puppet@2.7.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.26 |
|
| 1 |
| url |
pkg:gem/puppet@3.6.2 |
| purl |
pkg:gem/puppet@3.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.6.2 |
|
|
| aliases |
CVE-2014-3248, GHSA-92v7-pq4h-58j5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ypq-wmb7-quhc |
|
| 6 |
| url |
VCID-8xgm-pabz-hkeg |
| vulnerability_id |
VCID-8xgm-pabz-hkeg |
| summary |
Improper Privilege Management
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-10689 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25828 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25819 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.2577 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25699 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25728 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25786 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.2593 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25887 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25827 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-10689 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-10689, GHSA-vw22-465p-8j5w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg |
|
| 7 |
| url |
VCID-a7cn-eqbq-qyb1 |
| vulnerability_id |
VCID-a7cn-eqbq-qyb1 |
| summary |
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3871 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12983 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12904 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13102 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1305 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12913 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12996 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13035 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12958 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3871 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.5 |
| purl |
pkg:gem/puppet@2.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-a7cn-eqbq-qyb1 |
|
| 8 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 9 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 10 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 11 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 12 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 13 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 14 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 15 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 16 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 17 |
| vulnerability |
VCID-txx3-3fzg-33cp |
|
| 18 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 19 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 20 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5 |
|
|
| aliases |
CVE-2011-3871, GHSA-mpmx-gm5v-q789
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cn-eqbq-qyb1 |
|
| 8 |
| url |
VCID-b94j-dcjk-eqeu |
| vulnerability_id |
VCID-b94j-dcjk-eqeu |
| summary |
Improper Authentication
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3408 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49113 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49083 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49111 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49065 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49119 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49116 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49133 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49107 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49049 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3408 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.18 |
| purl |
pkg:gem/puppet@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18 |
|
|
| aliases |
CVE-2012-3408, GHSA-vxf6-w9mp-95hm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b94j-dcjk-eqeu |
|
| 9 |
| url |
VCID-h88b-abes-3bgr |
| vulnerability_id |
VCID-h88b-abes-3bgr |
| summary |
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1987 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73429 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73406 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73392 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73355 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73409 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.7336 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73351 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73401 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73384 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1987 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.15 |
| purl |
pkg:gem/puppet@2.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.15 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.13 |
| purl |
pkg:gem/puppet@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13 |
|
|
| aliases |
CVE-2012-1987, GHSA-v58w-6xc2-w799
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr |
|
| 10 |
| url |
VCID-jhkk-5euf-uked |
| vulnerability_id |
VCID-jhkk-5euf-uked |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3869 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12885 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12834 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12754 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12951 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12803 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12768 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12813 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12851 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12901 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3869 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.5 |
| purl |
pkg:gem/puppet@2.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-a7cn-eqbq-qyb1 |
|
| 8 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 9 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 10 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 11 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 12 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 13 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 14 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 15 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 16 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 17 |
| vulnerability |
VCID-txx3-3fzg-33cp |
|
| 18 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 19 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 20 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5 |
|
|
| aliases |
CVE-2011-3869, GHSA-8c56-v25w-f89c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked |
|
| 11 |
| url |
VCID-kt2h-k72f-tqc7 |
| vulnerability_id |
VCID-kt2h-k72f-tqc7 |
| summary |
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1988 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65653 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65568 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65616 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65612 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65664 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65676 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65696 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65682 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1988 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.15 |
| purl |
pkg:gem/puppet@2.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.15 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.13 |
| purl |
pkg:gem/puppet@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13 |
|
|
| aliases |
CVE-2012-1988, GHSA-6xxq-j39w-g3f6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7 |
|
| 12 |
| url |
VCID-pdpa-qfpq-zkcq |
| vulnerability_id |
VCID-pdpa-qfpq-zkcq |
| summary |
Improper Input Validation
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1655 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70391 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70406 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70382 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70367 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70344 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70315 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70328 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70376 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1655 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.21 |
| purl |
pkg:gem/puppet@2.7.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.21 |
|
| 1 |
| url |
pkg:gem/puppet@3.1.1 |
| purl |
pkg:gem/puppet@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@3.1.1 |
|
|
| aliases |
CVE-2013-1655, GHSA-574q-fxfj-wv6h
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-qfpq-zkcq |
|
| 13 |
| url |
VCID-pgg8-9sk2-57ee |
| vulnerability_id |
VCID-pgg8-9sk2-57ee |
| summary |
Low severity vulnerability that affects puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1989 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18333 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.1828 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18433 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18236 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18287 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18335 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18282 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18487 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18196 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1989 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.13 |
| purl |
pkg:gem/puppet@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13 |
|
|
| aliases |
CVE-2012-1989, GHSA-c5qq-g673-5p49
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pgg8-9sk2-57ee |
|
| 14 |
| url |
VCID-qdsk-m9ye-z3a4 |
| vulnerability_id |
VCID-qdsk-m9ye-z3a4 |
| summary |
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27023 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60563 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60584 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60598 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60577 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60441 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60543 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60516 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00397 |
| scoring_system |
epss |
| scoring_elements |
0.60561 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27023 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27023, GHSA-93j5-g845-9wqp
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsk-m9ye-z3a4 |
|
| 15 |
| url |
VCID-s94z-5sd6-33dk |
| vulnerability_id |
VCID-s94z-5sd6-33dk |
| summary |
Silent Configuration Failure in Puppet Agent
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27025 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67253 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67288 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67301 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67282 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67268 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.6724 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67216 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67179 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27025 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27025, GHSA-q4g7-jrxv-67r9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s94z-5sd6-33dk |
|
| 16 |
| url |
VCID-tetf-xa1u-uffv |
| vulnerability_id |
VCID-tetf-xa1u-uffv |
| summary |
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1906 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19745 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19785 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19931 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19986 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19712 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19792 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19844 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19847 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19802 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1906 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.15 |
| purl |
pkg:gem/puppet@2.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.15 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.13 |
| purl |
pkg:gem/puppet@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 8 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 9 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 10 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 11 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 12 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 13 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 14 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 15 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 16 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 17 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 18 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.13 |
|
|
| aliases |
CVE-2012-1906, GHSA-c4mc-49hq-q275
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tetf-xa1u-uffv |
|
| 17 |
| url |
VCID-txx3-3fzg-33cp |
| vulnerability_id |
VCID-txx3-3fzg-33cp |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3870 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09483 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09435 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09361 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09451 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09397 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09452 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09469 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09496 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09401 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3870 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.5 |
| purl |
pkg:gem/puppet@2.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 2 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 3 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 4 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 5 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 6 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 7 |
| vulnerability |
VCID-a7cn-eqbq-qyb1 |
|
| 8 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 9 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 10 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 11 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 12 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 13 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 14 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 15 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 16 |
| vulnerability |
VCID-tetf-xa1u-uffv |
|
| 17 |
| vulnerability |
VCID-txx3-3fzg-33cp |
|
| 18 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 19 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 20 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.5 |
|
|
| aliases |
CVE-2011-3870, GHSA-qh3g-27jf-3j54
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-txx3-3fzg-33cp |
|
| 18 |
| url |
VCID-vgbw-4yuu-57fz |
| vulnerability_id |
VCID-vgbw-4yuu-57fz |
| summary |
Low severity vulnerability that affects puppet
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3866 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15657 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15692 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15725 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15666 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.1558 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15712 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15593 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15674 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15776 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3866 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.7.18 |
| purl |
pkg:gem/puppet@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18 |
|
|
| aliases |
CVE-2012-3866, GHSA-8jxj-9r5f-w3m2
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbw-4yuu-57fz |
|
| 19 |
| url |
VCID-wage-71h9-6qay |
| vulnerability_id |
VCID-wage-71h9-6qay |
| summary |
Moderate severity vulnerability that affects puppet
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3867 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80592 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80575 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80565 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80516 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80571 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80578 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80544 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80522 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80536 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3867 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/puppet@2.6.17 |
| purl |
pkg:gem/puppet@2.6.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-b94j-dcjk-eqeu |
|
| 7 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 8 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 9 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 10 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 11 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 12 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 13 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 14 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 15 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 16 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.6.17 |
|
| 1 |
| url |
pkg:gem/puppet@2.7.18 |
| purl |
pkg:gem/puppet@2.7.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3kma-3ffw-8qd9 |
|
| 1 |
| vulnerability |
VCID-5g6u-uvej-xbad |
|
| 2 |
| vulnerability |
VCID-5qhd-8wfe-27dy |
|
| 3 |
| vulnerability |
VCID-75gs-2gu3-6udx |
|
| 4 |
| vulnerability |
VCID-7ypq-wmb7-quhc |
|
| 5 |
| vulnerability |
VCID-8xgm-pabz-hkeg |
|
| 6 |
| vulnerability |
VCID-h88b-abes-3bgr |
|
| 7 |
| vulnerability |
VCID-jhkk-5euf-uked |
|
| 8 |
| vulnerability |
VCID-kt2h-k72f-tqc7 |
|
| 9 |
| vulnerability |
VCID-pdpa-qfpq-zkcq |
|
| 10 |
| vulnerability |
VCID-pgg8-9sk2-57ee |
|
| 11 |
| vulnerability |
VCID-qdsk-m9ye-z3a4 |
|
| 12 |
| vulnerability |
VCID-s94z-5sd6-33dk |
|
| 13 |
| vulnerability |
VCID-vgbw-4yuu-57fz |
|
| 14 |
| vulnerability |
VCID-wage-71h9-6qay |
|
| 15 |
| vulnerability |
VCID-ww8x-tzxr-4qbn |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/puppet@2.7.18 |
|
|
| aliases |
CVE-2012-3867, GHSA-q44r-f2hm-v76v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay |
|
| 20 |
| url |
VCID-ww8x-tzxr-4qbn |
| vulnerability_id |
VCID-ww8x-tzxr-4qbn |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0156 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1275 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12785 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12883 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12933 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12736 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12816 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12867 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12833 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12795 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0156 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0156, GHSA-vrh7-99jh-3fmm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ww8x-tzxr-4qbn |
|
|
|---|