| 0 |
| url |
VCID-2jc8-n1j4-m7c6 |
| vulnerability_id |
VCID-2jc8-n1j4-m7c6 |
| summary |
Puppet Privilege Escallation
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1053 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13357 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13389 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13489 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13551 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13348 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.1343 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13479 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13453 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13418 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13372 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13279 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13277 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1053 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1053, GHSA-77hg-g8cc-5r37
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6 |
|
| 1 |
| url |
VCID-3kma-3ffw-8qd9 |
| vulnerability_id |
VCID-3kma-3ffw-8qd9 |
| summary |
Improper Input Validation
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-3567 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91073 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91064 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91058 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91046 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91023 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91028 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.911 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91097 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91098 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91037 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-3567 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-3567, GHSA-f7p5-w2cr-7cp7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9 |
|
| 2 |
| url |
VCID-3zzj-krc5-skea |
| vulnerability_id |
VCID-3zzj-krc5-skea |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2275 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59361 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59231 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59304 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59328 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59292 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59343 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59356 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59375 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59359 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59341 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59373 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.5938 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2275 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2275
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3zzj-krc5-skea |
|
| 3 |
| url |
VCID-5g6u-uvej-xbad |
| vulnerability_id |
VCID-5g6u-uvej-xbad |
| summary |
Moderate severity vulnerability that affects puppet
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4761 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70067 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.7004 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70063 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70048 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70035 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70078 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69972 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69984 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69999 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69975 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70024 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4761 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4761, GHSA-cj43-9h3w-v976
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad |
|
| 4 |
| url |
VCID-72s2-y7m6-kuf6 |
| vulnerability_id |
VCID-72s2-y7m6-kuf6 |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which might allow local attackers to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1054 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21599 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21826 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21579 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21656 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21713 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21724 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21685 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21628 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21627 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21634 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21602 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1054 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1054
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-72s2-y7m6-kuf6 |
|
| 5 |
| url |
VCID-73uh-2gkm-6kgy |
| vulnerability_id |
VCID-73uh-2gkm-6kgy |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4956 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29083 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29157 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29207 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29018 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29082 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29124 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.2913 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29085 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29034 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29062 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29039 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.28993 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4956 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4956
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-73uh-2gkm-6kgy |
|
| 6 |
| url |
VCID-75gs-2gu3-6udx |
| vulnerability_id |
VCID-75gs-2gu3-6udx |
| summary |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3865 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.7874 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78679 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78711 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78719 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78737 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78705 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78712 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78734 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78738 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84187 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84205 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84174 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3865 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3865, GHSA-g89m-3wjw-h857
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx |
|
| 7 |
| url |
VCID-7jtp-a1nw-bqfs |
| vulnerability_id |
VCID-7jtp-a1nw-bqfs |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1640 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83492 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83389 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83402 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83416 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83415 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.8344 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.8345 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83464 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83458 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83453 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83489 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.8349 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1640 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1640
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7jtp-a1nw-bqfs |
|
| 8 |
| url |
VCID-a7cn-eqbq-qyb1 |
| vulnerability_id |
VCID-a7cn-eqbq-qyb1 |
| summary |
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3871 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12913 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12996 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13035 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12983 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12904 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12958 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1305 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13102 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12915 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12817 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12814 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3871 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3871, GHSA-mpmx-gm5v-q789
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cn-eqbq-qyb1 |
|
| 9 |
| url |
VCID-b94j-dcjk-eqeu |
| vulnerability_id |
VCID-b94j-dcjk-eqeu |
| summary |
Improper Authentication
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3408 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49124 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49119 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49116 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49133 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49107 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49113 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49158 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49156 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49049 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49083 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49111 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49065 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3408 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3408, GHSA-vxf6-w9mp-95hm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b94j-dcjk-eqeu |
|
| 10 |
| url |
VCID-fdk4-8wtn-nqct |
| vulnerability_id |
VCID-fdk4-8wtn-nqct |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which might allow local attackers to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3848 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62653 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62711 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62742 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62706 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62758 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62775 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62793 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62783 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.6276 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62801 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62808 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62789 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3848 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3848
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fdk4-8wtn-nqct |
|
| 11 |
| url |
VCID-fjbx-bqnn-2bf3 |
| vulnerability_id |
VCID-fjbx-bqnn-2bf3 |
| summary |
insecure temporary files |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4969 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11455 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11408 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11536 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11591 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1138 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11464 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11523 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11533 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11499 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11469 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1133 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4969 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4969
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fjbx-bqnn-2bf3 |
|
| 12 |
| url |
VCID-h88b-abes-3bgr |
| vulnerability_id |
VCID-h88b-abes-3bgr |
| summary |
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1987 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73445 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73351 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.7336 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73384 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73355 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73392 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73406 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73429 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73409 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73401 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73443 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73451 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1987 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1987, GHSA-v58w-6xc2-w799
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr |
|
| 13 |
| url |
VCID-jhkk-5euf-uked |
| vulnerability_id |
VCID-jhkk-5euf-uked |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3869 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1278 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12901 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12951 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12754 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12834 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12885 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12851 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12813 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12768 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12671 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12678 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12803 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3869 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3869, GHSA-8c56-v25w-f89c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked |
|
| 14 |
| url |
VCID-kt2h-k72f-tqc7 |
| vulnerability_id |
VCID-kt2h-k72f-tqc7 |
| summary |
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1988 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65684 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65568 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65616 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65612 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65664 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65676 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65696 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65682 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65653 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65688 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65701 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1988 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1988, GHSA-6xxq-j39w-g3f6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7 |
|
| 15 |
| url |
VCID-nf2h-5vd2-6kb1 |
| vulnerability_id |
VCID-nf2h-5vd2-6kb1 |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1653 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83558 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83457 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83469 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83484 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83482 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83507 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83516 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83531 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83525 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83521 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83556 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83557 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1653 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1653
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nf2h-5vd2-6kb1 |
|
| 16 |
| url |
VCID-pdpa-qfpq-zkcq |
| vulnerability_id |
VCID-pdpa-qfpq-zkcq |
| summary |
Improper Input Validation
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1655 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70428 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70419 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70376 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70391 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70406 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70382 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70344 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70409 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70315 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70367 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70328 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1655 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1655, GHSA-574q-fxfj-wv6h
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-qfpq-zkcq |
|
| 17 |
| url |
VCID-pgg8-9sk2-57ee |
| vulnerability_id |
VCID-pgg8-9sk2-57ee |
| summary |
Low severity vulnerability that affects puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1989 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18236 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18287 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18196 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18221 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18193 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18181 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.1828 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18335 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18333 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18282 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18433 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18487 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1989 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1989, GHSA-c5qq-g673-5p49
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pgg8-9sk2-57ee |
|
| 18 |
| url |
VCID-rfcx-7kc9-mbcr |
| vulnerability_id |
VCID-rfcx-7kc9-mbcr |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2274 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.83037 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82933 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82961 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82959 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82983 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82991 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.83007 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.83 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82996 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.83035 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2274 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2274
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rfcx-7kc9-mbcr |
|
| 19 |
| url |
VCID-rrky-upea-nfd4 |
| vulnerability_id |
VCID-rrky-upea-nfd4 |
| summary |
puppet: authenticated clients allowed to read arbitrary files from the puppet master |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3864 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54466 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54542 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54565 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54534 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54586 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.5458 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54592 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54574 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54553 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.5459 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54569 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3864 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3864
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rrky-upea-nfd4 |
|
| 20 |
| url |
VCID-sweb-hbec-k3ha |
| vulnerability_id |
VCID-sweb-hbec-k3ha |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1652 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60451 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60288 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60364 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60391 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60359 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60407 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60424 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60444 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60431 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60411 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60452 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.6046 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1652 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1652
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sweb-hbec-k3ha |
|
| 21 |
| url |
VCID-tetf-xa1u-uffv |
| vulnerability_id |
VCID-tetf-xa1u-uffv |
| summary |
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1906 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19734 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19712 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19792 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19844 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19847 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19802 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19745 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.1972 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19722 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19785 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19931 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19986 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1906 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1906, GHSA-c4mc-49hq-q275
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tetf-xa1u-uffv |
|
| 22 |
| url |
VCID-txx3-3fzg-33cp |
| vulnerability_id |
VCID-txx3-3fzg-33cp |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3870 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09469 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09496 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09483 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09435 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09361 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09397 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09401 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09451 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09345 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09344 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09452 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3870 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3870, GHSA-qh3g-27jf-3j54
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-txx3-3fzg-33cp |
|
| 23 |
| url |
VCID-v9kt-4vxm-ekdw |
| vulnerability_id |
VCID-v9kt-4vxm-ekdw |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6120 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12924 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12968 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13059 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13111 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12914 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12994 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13045 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13007 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12923 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12823 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12826 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6120 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-6120
|
| risk_score |
0.9 |
| exploitability |
0.5 |
| weighted_severity |
1.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v9kt-4vxm-ekdw |
|
| 24 |
| url |
VCID-vgbw-4yuu-57fz |
| vulnerability_id |
VCID-vgbw-4yuu-57fz |
| summary |
Low severity vulnerability that affects puppet
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3866 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15529 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15712 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15776 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.1558 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15666 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15725 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15692 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15657 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15593 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.1552 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15674 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3866 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3866, GHSA-8jxj-9r5f-w3m2
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbw-4yuu-57fz |
|
| 25 |
| url |
VCID-vrzs-81t1-jyax |
| vulnerability_id |
VCID-vrzs-81t1-jyax |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which might allow local attackers to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3872 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.85995 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86006 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86023 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86022 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86042 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86051 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86065 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86063 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86058 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86076 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86081 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86073 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3872 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3872
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vrzs-81t1-jyax |
|
| 26 |
| url |
VCID-wage-71h9-6qay |
| vulnerability_id |
VCID-wage-71h9-6qay |
| summary |
Moderate severity vulnerability that affects puppet
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3867 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80599 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80571 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80578 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80544 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80604 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80601 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80536 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80592 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80575 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80565 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80516 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80522 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3867 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3867, GHSA-q44r-f2hm-v76v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay |
|
| 27 |
| url |
VCID-wdwr-8m6q-kff5 |
| vulnerability_id |
VCID-wdwr-8m6q-kff5 |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1654 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64032 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63902 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63961 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63988 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63998 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64016 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64028 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64014 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63984 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64019 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1654 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1654
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wdwr-8m6q-kff5 |
|
| 28 |
| url |
VCID-yycs-ny3v-pyeh |
| vulnerability_id |
VCID-yycs-ny3v-pyeh |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of
which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1986 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.58974 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59049 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59071 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59036 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59087 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59093 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59111 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59075 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.5911 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59115 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59095 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1986 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1986
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yycs-ny3v-pyeh |
|