| 0 |
| url |
VCID-18aq-72zg-3uc9 |
| vulnerability_id |
VCID-18aq-72zg-3uc9 |
| summary |
puppet: Unsafe YAML deserialization |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2295 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.8313 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83236 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83233 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83234 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83147 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83161 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83159 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83184 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83191 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83207 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83201 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.01893 |
| scoring_system |
epss |
| scoring_elements |
0.83197 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2295 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2295
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-18aq-72zg-3uc9 |
|
| 1 |
| url |
VCID-1dbs-z8sn-e3fv |
| vulnerability_id |
VCID-1dbs-z8sn-e3fv |
| summary |
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7328 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07396 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07276 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07271 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07137 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07265 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07309 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07293 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07348 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07376 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07372 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07359 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07346 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7328 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7328
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1dbs-z8sn-e3fv |
|
| 2 |
| url |
VCID-2jc8-n1j4-m7c6 |
| vulnerability_id |
VCID-2jc8-n1j4-m7c6 |
| summary |
Puppet Privilege Escalation
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1053 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13357 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13389 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13489 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13551 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13348 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.1343 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13479 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13453 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13418 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13372 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13279 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13277 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1053 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1053, GHSA-77hg-g8cc-5r37
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6 |
|
| 3 |
| url |
VCID-37yk-3v22-4qg7 |
| vulnerability_id |
VCID-37yk-3v22-4qg7 |
| summary |
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6512 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78268 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78271 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78185 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78194 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78224 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78232 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78238 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78264 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78247 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78242 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78274 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6512 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6512
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-37yk-3v22-4qg7 |
|
| 4 |
| url |
VCID-3jdp-jh74-37c6 |
| vulnerability_id |
VCID-3jdp-jh74-37c6 |
| summary |
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4958 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12509 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12612 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12653 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12465 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12544 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12594 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12561 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.1252 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12481 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12384 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12388 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12504 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4958 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4958
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3jdp-jh74-37c6 |
|
| 5 |
| url |
VCID-3kma-3ffw-8qd9 |
| vulnerability_id |
VCID-3kma-3ffw-8qd9 |
| summary |
Improper Input Validation
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-3567 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91073 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91064 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91058 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91046 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91023 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91028 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.911 |
| published_at |
2026-04-21T12:55:00Z |
|
| 7 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91097 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91098 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.06459 |
| scoring_system |
epss |
| scoring_elements |
0.91037 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-3567 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-3567, GHSA-f7p5-w2cr-7cp7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9 |
|
| 6 |
| url |
VCID-3zzj-krc5-skea |
| vulnerability_id |
VCID-3zzj-krc5-skea |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2275 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59361 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59231 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59304 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59328 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59292 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59343 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59356 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59375 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59359 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59341 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59373 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.5938 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2275 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
| 55 |
|
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2275
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3zzj-krc5-skea |
|
| 7 |
| url |
VCID-4tw7-zg73-q3cd |
| vulnerability_id |
VCID-4tw7-zg73-q3cd |
| summary |
A privilege escalation allowing remote code execution was discovered in the orchestration service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-2530 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07317 |
| scoring_system |
epss |
| scoring_elements |
0.91652 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91923 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.9193 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91943 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91948 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91951 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.9195 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91947 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91966 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91964 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.9196 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-2530 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-2530
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4tw7-zg73-q3cd |
|
| 8 |
| url |
VCID-56xc-5fxu-kka3 |
| vulnerability_id |
VCID-56xc-5fxu-kka3 |
| summary |
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4762 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4749 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4752 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47541 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47489 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47544 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4754 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47563 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47539 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47547 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47605 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47598 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47549 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4762 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4762
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-56xc-5fxu-kka3 |
|
| 9 |
| url |
VCID-5g6u-uvej-xbad |
| vulnerability_id |
VCID-5g6u-uvej-xbad |
| summary |
Moderate severity vulnerability that affects puppet
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4761 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70067 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.7004 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70063 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70048 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70035 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70078 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70087 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69972 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69984 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69999 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.69975 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.0062 |
| scoring_system |
epss |
| scoring_elements |
0.70024 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4761 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4761, GHSA-cj43-9h3w-v976
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad |
|
| 10 |
| url |
VCID-5qhd-8wfe-27dy |
| vulnerability_id |
VCID-5qhd-8wfe-27dy |
| summary |
Puppet does not properly restrict access to node resources
Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0528 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49982 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50036 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50064 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50062 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50016 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.5002 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50047 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50029 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49966 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50003 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50037 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.50031 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-0528 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0528, GHSA-9pvx-fwwh-w289
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhd-8wfe-27dy |
|
| 11 |
| url |
VCID-5uhz-zcuf-4uej |
| vulnerability_id |
VCID-5uhz-zcuf-4uej |
| summary |
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4966 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.4496 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45041 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45063 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45006 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45058 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.4508 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45048 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45051 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.451 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45094 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45046 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4966 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4966
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5uhz-zcuf-4uej |
|
| 12 |
| url |
VCID-6vjt-rsq7-ekc9 |
| vulnerability_id |
VCID-6vjt-rsq7-ekc9 |
| summary |
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1399 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30311 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30339 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30387 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30203 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30262 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30297 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30301 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30258 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30211 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30225 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30207 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30163 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1399 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1399
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vjt-rsq7-ekc9 |
|
| 13 |
| url |
VCID-729g-ky6n-1yfg |
| vulnerability_id |
VCID-729g-ky6n-1yfg |
| summary |
The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1398 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69846 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69859 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69874 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69851 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69899 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69915 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69939 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69923 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69909 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69952 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69962 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69944 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1398 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1398
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-729g-ky6n-1yfg |
|
| 14 |
| url |
VCID-72s2-y7m6-kuf6 |
| vulnerability_id |
VCID-72s2-y7m6-kuf6 |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1054 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21599 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21772 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21826 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21579 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21656 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21713 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21724 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21685 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21628 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21627 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21634 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00071 |
| scoring_system |
epss |
| scoring_elements |
0.21602 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1054 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1054
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-72s2-y7m6-kuf6 |
|
| 15 |
| url |
VCID-73uh-2gkm-6kgy |
| vulnerability_id |
VCID-73uh-2gkm-6kgy |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4956 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29083 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29157 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29207 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29018 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29082 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29124 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.2913 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29085 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29034 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29062 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.29039 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00108 |
| scoring_system |
epss |
| scoring_elements |
0.28993 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4956 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4956
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-73uh-2gkm-6kgy |
|
| 16 |
| url |
VCID-75gs-2gu3-6udx |
| vulnerability_id |
VCID-75gs-2gu3-6udx |
| summary |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3865 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.7874 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78679 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78711 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78719 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78737 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78705 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78712 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78734 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.01176 |
| scoring_system |
epss |
| scoring_elements |
0.78738 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84187 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84205 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.0215 |
| scoring_system |
epss |
| scoring_elements |
0.84174 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3865 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3865, GHSA-g89m-3wjw-h857
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx |
|
| 17 |
| url |
VCID-7jtp-a1nw-bqfs |
| vulnerability_id |
VCID-7jtp-a1nw-bqfs |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1640 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83492 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83389 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83402 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83416 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83415 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.8344 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.8345 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83464 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83458 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83453 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.83489 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.01948 |
| scoring_system |
epss |
| scoring_elements |
0.8349 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1640 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1640
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7jtp-a1nw-bqfs |
|
| 18 |
| url |
VCID-7kzg-339v-vqbs |
| vulnerability_id |
VCID-7kzg-339v-vqbs |
| summary |
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-5158 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36465 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36641 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36673 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36511 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36562 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36582 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36588 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36553 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36529 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36573 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36556 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.365 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-5158 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-5158
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7kzg-339v-vqbs |
|
| 19 |
| url |
VCID-7ypq-wmb7-quhc |
| vulnerability_id |
VCID-7ypq-wmb7-quhc |
| summary |
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3248 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22432 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22379 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22429 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37409 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37243 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37433 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37261 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37312 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37325 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37336 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37302 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00164 |
| scoring_system |
epss |
| scoring_elements |
0.37274 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3248 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3248, GHSA-92v7-pq4h-58j5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ypq-wmb7-quhc |
|
| 20 |
| url |
VCID-82mm-jjnu-sbfa |
| vulnerability_id |
VCID-82mm-jjnu-sbfa |
| summary |
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2296 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57596 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57681 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57703 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57677 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57732 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57734 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.5775 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57729 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.5771 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57739 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57735 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57713 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2296 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2296
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-82mm-jjnu-sbfa |
|
| 21 |
| url |
VCID-84e7-2rxq-b7e1 |
| vulnerability_id |
VCID-84e7-2rxq-b7e1 |
| summary |
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27022 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56296 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56399 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56421 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56402 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56453 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56458 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56469 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56444 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56425 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56457 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56429 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27022 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27022
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84e7-2rxq-b7e1 |
|
| 22 |
| url |
VCID-8xgm-pabz-hkeg |
| vulnerability_id |
VCID-8xgm-pabz-hkeg |
| summary |
Improper Privilege Management
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-10689 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25732 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25728 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25786 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25828 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25819 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.2577 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25699 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.2593 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25887 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25827 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25689 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25714 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-10689 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-10689, GHSA-vw22-465p-8j5w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg |
|
| 23 |
| url |
VCID-92u1-6e9d-tqga |
| vulnerability_id |
VCID-92u1-6e9d-tqga |
| summary |
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that delete a (1) report, (2) group, or (3) class, or possibly have other unspecified impact. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4963 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30311 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30339 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30387 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30203 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30262 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30297 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30301 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30258 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30211 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30225 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30207 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30163 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4963 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4963
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-92u1-6e9d-tqga |
|
| 24 |
| url |
VCID-a1p5-fyr1-wuaq |
| vulnerability_id |
VCID-a1p5-fyr1-wuaq |
| summary |
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4967 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48286 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48295 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4835 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48369 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48405 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.484 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4967 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4967
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a1p5-fyr1-wuaq |
|
| 25 |
| url |
VCID-a7cn-eqbq-qyb1 |
| vulnerability_id |
VCID-a7cn-eqbq-qyb1 |
| summary |
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3871 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12913 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12996 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13035 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12983 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12904 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12958 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1305 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13102 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12915 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12817 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12814 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3871 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3871, GHSA-mpmx-gm5v-q789
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cn-eqbq-qyb1 |
|
| 26 |
| url |
VCID-absc-ndrs-yqep |
| vulnerability_id |
VCID-absc-ndrs-yqep |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-3564 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16703 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16872 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16929 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16712 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16798 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16853 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.1683 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16786 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16727 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16664 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16671 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00053 |
| scoring_system |
epss |
| scoring_elements |
0.16708 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-3564 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3564
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-absc-ndrs-yqep |
|
| 27 |
| url |
VCID-b94j-dcjk-eqeu |
| vulnerability_id |
VCID-b94j-dcjk-eqeu |
| summary |
Improper Authentication
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3408 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49124 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49119 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49116 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49133 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49107 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49113 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49158 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49156 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49049 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49083 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49111 |
| published_at |
2026-04-04T12:55:00Z |
|
| 11 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49065 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3408 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3408, GHSA-vxf6-w9mp-95hm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b94j-dcjk-eqeu |
|
| 28 |
| url |
VCID-bccx-uph7-67cj |
| vulnerability_id |
VCID-bccx-uph7-67cj |
| summary |
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6510 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48679 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48725 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48721 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48607 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48648 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48669 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48622 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48675 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48672 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.4869 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48664 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48677 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6510 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6510
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bccx-uph7-67cj |
|
| 29 |
| url |
VCID-bjts-v9q2-9yg8 |
| vulnerability_id |
VCID-bjts-v9q2-9yg8 |
| summary |
several |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4073 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.8572 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85732 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85751 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85757 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85786 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85801 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85798 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85794 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85812 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85817 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85811 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4073 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4073, GHSA-3gpq-xx45-4rr9, OSV-94628
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bjts-v9q2-9yg8 |
|
| 30 |
| url |
VCID-bqtz-8vkk-xbg6 |
| vulnerability_id |
VCID-bqtz-8vkk-xbg6 |
| summary |
puppet: Puppet Server ReDoS |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-1894 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17426 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17292 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17312 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17253 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17259 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17473 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17252 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17343 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17402 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17415 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17366 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-1894 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-1894
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bqtz-8vkk-xbg6 |
|
| 31 |
| url |
VCID-bsa9-fu5y-p7at |
| vulnerability_id |
VCID-bsa9-fu5y-p7at |
| summary |
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6511 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48679 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48725 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48721 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48607 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48648 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48669 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48622 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48675 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48672 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.4869 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48664 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48677 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6511 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6511
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bsa9-fu5y-p7at |
|
| 32 |
| url |
VCID-bt3p-h1js-53gg |
| vulnerability_id |
VCID-bt3p-h1js-53gg |
| summary |
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5713 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78268 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78271 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78185 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78194 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78224 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78232 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78238 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78264 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78247 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78242 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78274 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5713 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-5713
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bt3p-h1js-53gg |
|
| 33 |
| url |
VCID-bu53-ez2r-vfcr |
| vulnerability_id |
VCID-bu53-ez2r-vfcr |
| summary |
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4961 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48286 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48295 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4835 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48369 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48405 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.484 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4961 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4961
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bu53-ez2r-vfcr |
|
| 34 |
| url |
VCID-d6vw-w8g1-q7fk |
| vulnerability_id |
VCID-d6vw-w8g1-q7fk |
| summary |
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4100 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50802 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50824 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50687 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50741 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50766 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50722 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50778 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50775 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50794 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50779 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50817 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4100 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-4100
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d6vw-w8g1-q7fk |
|
| 35 |
| url |
VCID-dnjn-tqgb-g7fs |
| vulnerability_id |
VCID-dnjn-tqgb-g7fs |
| summary |
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4964 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4749 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4752 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47541 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47489 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47544 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4754 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47563 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47539 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47547 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47605 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47598 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47549 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4964 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4964
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dnjn-tqgb-g7fs |
|
| 36 |
| url |
VCID-eggd-sxe6-dbh3 |
| vulnerability_id |
VCID-eggd-sxe6-dbh3 |
| summary |
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5715 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71736 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71743 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71762 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71737 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71776 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71787 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71811 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71794 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71819 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71807 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5715 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-5715
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eggd-sxe6-dbh3 |
|
| 37 |
| url |
VCID-ekj3-h7sp-33fg |
| vulnerability_id |
VCID-ekj3-h7sp-33fg |
| summary |
Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4965 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72443 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72448 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72466 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72442 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72481 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72493 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72516 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72499 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72489 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72531 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.7254 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72529 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4965 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4965
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ekj3-h7sp-33fg |
|
| 38 |
| url |
VCID-eqmw-4ast-tqc3 |
| vulnerability_id |
VCID-eqmw-4ast-tqc3 |
| summary |
Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4971 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48286 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48295 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4835 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48369 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48405 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.484 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4971 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4971
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eqmw-4ast-tqc3 |
|
| 39 |
| url |
VCID-fdk4-8wtn-nqct |
| vulnerability_id |
VCID-fdk4-8wtn-nqct |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3848 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62653 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62711 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62742 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62706 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62758 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62775 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62793 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62783 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.6276 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62801 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62808 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00433 |
| scoring_system |
epss |
| scoring_elements |
0.62789 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3848 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3848
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fdk4-8wtn-nqct |
|
| 40 |
| url |
VCID-fjbx-bqnn-2bf3 |
| vulnerability_id |
VCID-fjbx-bqnn-2bf3 |
| summary |
insecure temporary files |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4969 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11455 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11408 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11536 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11591 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1138 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11464 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11523 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11533 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11499 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11469 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.1133 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4969 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4969
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fjbx-bqnn-2bf3 |
|
| 41 |
| url |
VCID-h88b-abes-3bgr |
| vulnerability_id |
VCID-h88b-abes-3bgr |
| summary |
Puppet Denial of Service and Arbitrary File Write
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1987 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73445 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73351 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.7336 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73384 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73355 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73392 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73406 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73429 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73409 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73401 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73443 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00763 |
| scoring_system |
epss |
| scoring_elements |
0.73451 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1987 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1987, GHSA-v58w-6xc2-w799
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr |
|
| 42 |
| url |
VCID-he38-9hxb-9ycb |
| vulnerability_id |
VCID-he38-9hxb-9ycb |
| summary |
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2297 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53493 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53517 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53543 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53562 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53558 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53608 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.5359 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53573 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53609 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53615 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53598 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2297 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2297
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-he38-9hxb-9ycb |
|
| 43 |
| url |
VCID-hexs-rr6c-pqap |
| vulnerability_id |
VCID-hexs-rr6c-pqap |
| summary |
puppet-agent: Deserialization of untrusted data |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27017 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30323 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30354 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30175 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30224 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30239 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30221 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30401 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30216 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30276 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30311 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30315 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.3027 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27017 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27017
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hexs-rr6c-pqap |
|
| 44 |
| url |
VCID-jhkk-5euf-uked |
| vulnerability_id |
VCID-jhkk-5euf-uked |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3869 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1278 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12901 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12951 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12754 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12834 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12885 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12851 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12813 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12768 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12671 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12678 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12803 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3869 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3869, GHSA-8c56-v25w-f89c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked |
|
| 45 |
| url |
VCID-kkve-dj7r-gue1 |
| vulnerability_id |
VCID-kkve-dj7r-gue1 |
| summary |
puppet: certificates could be honored even when revoked |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3250 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49241 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49271 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.4917 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49201 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49229 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49181 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49235 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49232 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49249 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49222 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49228 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49273 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3250 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3250
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kkve-dj7r-gue1 |
|
| 46 |
| url |
VCID-kt2h-k72f-tqc7 |
| vulnerability_id |
VCID-kt2h-k72f-tqc7 |
| summary |
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1988 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65684 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65568 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65616 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65612 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65664 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65676 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65696 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65682 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65653 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65688 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00492 |
| scoring_system |
epss |
| scoring_elements |
0.65701 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1988 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1988, GHSA-6xxq-j39w-g3f6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7 |
|
| 47 |
| url |
VCID-muyn-v1ah-27br |
| vulnerability_id |
VCID-muyn-v1ah-27br |
| summary |
When users are configured to use startTLS with RBAC LDAP, the user's credentials are sent in plaintext to the LDAP server at login time. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It received a CVSS score of 8.5. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11749 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3489 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35087 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35115 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34994 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35039 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35067 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3507 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35035 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35012 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3505 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34988 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11749 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-11749
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-muyn-v1ah-27br |
|
| 48 |
| url |
VCID-mv4z-k16a-hfgr |
| vulnerability_id |
VCID-mv4z-k16a-hfgr |
| summary |
Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9355 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26253 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26415 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26465 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26509 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26284 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26352 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26402 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26411 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26364 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26306 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26316 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26289 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9355 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-9355
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mv4z-k16a-hfgr |
|
| 49 |
| url |
VCID-mz9n-ttkc-bfhx |
| vulnerability_id |
VCID-mz9n-ttkc-bfhx |
| summary |
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9686 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59203 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59277 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.593 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59264 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59314 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59327 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.5933 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59312 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59345 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59352 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59332 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9686 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9686
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mz9n-ttkc-bfhx |
|
| 50 |
| url |
VCID-n8dt-ef15-wfgv |
| vulnerability_id |
VCID-n8dt-ef15-wfgv |
| summary |
puppet-agent: pxp-agent attempts to configure OpenSSL from uncontrolled location |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6515 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4421 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44252 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44333 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44324 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44278 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.443 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44233 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44285 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4429 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44308 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44275 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6515 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6515
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n8dt-ef15-wfgv |
|
| 51 |
| url |
VCID-nf2h-5vd2-6kb1 |
| vulnerability_id |
VCID-nf2h-5vd2-6kb1 |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1653 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83558 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83457 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83469 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83484 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83482 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83507 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83516 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83531 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83525 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83521 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83556 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.01966 |
| scoring_system |
epss |
| scoring_elements |
0.83557 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1653 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1653
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nf2h-5vd2-6kb1 |
|
| 52 |
| url |
VCID-p3cs-jvy5-pyda |
| vulnerability_id |
VCID-p3cs-jvy5-pyda |
| summary |
Multiple vulnerabilities have been found in Puppet Server and Agent, the worst of which could lead to arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2786 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.7226 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72273 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72178 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72183 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72203 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72215 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72228 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.7225 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72234 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.7222 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72263 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2786 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2786
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p3cs-jvy5-pyda |
|
| 53 |
| url |
VCID-pdpa-qfpq-zkcq |
| vulnerability_id |
VCID-pdpa-qfpq-zkcq |
| summary |
Improper Input Validation
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1655 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70428 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70419 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70376 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70391 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70406 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70382 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70344 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70409 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70315 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70367 |
| published_at |
2026-04-08T12:55:00Z |
|
| 11 |
| value |
0.00634 |
| scoring_system |
epss |
| scoring_elements |
0.70328 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1655 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1655, GHSA-574q-fxfj-wv6h
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-qfpq-zkcq |
|
| 54 |
| url |
VCID-pgg8-9sk2-57ee |
| vulnerability_id |
VCID-pgg8-9sk2-57ee |
| summary |
Low severity vulnerability that affects puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1989 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18236 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18287 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18196 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18221 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18193 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18181 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.1828 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18335 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18333 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18282 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18433 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00058 |
| scoring_system |
epss |
| scoring_elements |
0.18487 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1989 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1989, GHSA-c5qq-g673-5p49
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pgg8-9sk2-57ee |
|
| 55 |
| url |
VCID-pj4s-vjbb-u7h7 |
| vulnerability_id |
VCID-pj4s-vjbb-u7h7 |
| summary |
Improper Access Control
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2785 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38143 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38122 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38273 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38296 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38164 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38214 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38223 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38242 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38206 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38182 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38229 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38209 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2785 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2785, GHSA-pqj5-7r86-64fv
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4s-vjbb-u7h7 |
|
| 56 |
| url |
VCID-prfa-kwxa-hya6 |
| vulnerability_id |
VCID-prfa-kwxa-hya6 |
| summary |
puppet: Denial of Service for Revocation of Auto Renewed Certificates |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5255 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33504 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33422 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33537 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33378 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33457 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.3346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33419 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35519 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35529 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35467 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35489 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5255 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-5255
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-prfa-kwxa-hya6 |
|
| 57 |
| url |
VCID-qs9z-st4f-gkcq |
| vulnerability_id |
VCID-qs9z-st4f-gkcq |
| summary |
Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3249 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.484 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48286 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48295 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4835 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48369 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48405 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3249 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3249
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qs9z-st4f-gkcq |
|
| 58 |
| url |
VCID-rfcx-7kc9-mbcr |
| vulnerability_id |
VCID-rfcx-7kc9-mbcr |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2274 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.83037 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82933 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82949 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82961 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82959 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82983 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82991 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.83007 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.83 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.82996 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.01851 |
| scoring_system |
epss |
| scoring_elements |
0.83035 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-2274 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-2274
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rfcx-7kc9-mbcr |
|
| 59 |
| url |
VCID-rqbn-6eng-tyhs |
| vulnerability_id |
VCID-rqbn-6eng-tyhs |
| summary |
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6513 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57821 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57844 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57708 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57792 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57813 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57786 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57841 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57843 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57859 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57838 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57816 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57845 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6513 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6513
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rqbn-6eng-tyhs |
|
| 60 |
| url |
VCID-rrky-upea-nfd4 |
| vulnerability_id |
VCID-rrky-upea-nfd4 |
| summary |
puppet: authenticated clients allowed to read arbitrary files from the puppet master |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3864 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54466 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54542 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54565 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54534 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54586 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.5458 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54592 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54574 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54553 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.5459 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00314 |
| scoring_system |
epss |
| scoring_elements |
0.54569 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3864 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3864
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rrky-upea-nfd4 |
|
| 61 |
| url |
VCID-rt19-c3m9-yyfx |
| vulnerability_id |
VCID-rt19-c3m9-yyfx |
| summary |
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4968 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55499 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.5561 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55635 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55612 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55664 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55667 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55676 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55656 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55638 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55677 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55681 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.5566 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4968 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4968
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rt19-c3m9-yyfx |
|
| 62 |
| url |
VCID-s3wm-tmvz-tbhj |
| vulnerability_id |
VCID-s3wm-tmvz-tbhj |
| summary |
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27020 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65664 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65714 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65744 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.6571 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65763 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65774 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65795 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65781 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65752 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65787 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65801 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27020 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27020
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s3wm-tmvz-tbhj |
|
| 63 |
| url |
VCID-s8jz-vr9t-87dy |
| vulnerability_id |
VCID-s8jz-vr9t-87dy |
| summary |
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2787 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38666 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38794 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38815 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38743 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38793 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38804 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38817 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.3878 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38753 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38798 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38776 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38697 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2787 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2787
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s8jz-vr9t-87dy |
|
| 64 |
| url |
VCID-sd5c-wx86-t3c1 |
| vulnerability_id |
VCID-sd5c-wx86-t3c1 |
| summary |
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4959 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17591 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17754 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17801 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17529 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17618 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.1768 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17697 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17652 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17601 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17546 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17555 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17588 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4959 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4959
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sd5c-wx86-t3c1 |
|
| 65 |
| url |
VCID-sqqa-bcxy-9uht |
| vulnerability_id |
VCID-sqqa-bcxy-9uht |
| summary |
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4955 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.44989 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45071 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45093 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45035 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45088 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.4511 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45078 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.4508 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45129 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45122 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45073 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4955 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4955
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sqqa-bcxy-9uht |
|
| 66 |
| url |
VCID-sweb-hbec-k3ha |
| vulnerability_id |
VCID-sweb-hbec-k3ha |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1652 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60451 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60288 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60364 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60391 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60359 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60407 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60424 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60444 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60431 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60411 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.60452 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00396 |
| scoring_system |
epss |
| scoring_elements |
0.6046 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1652 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1652
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sweb-hbec-k3ha |
|
| 67 |
| url |
VCID-tetf-xa1u-uffv |
| vulnerability_id |
VCID-tetf-xa1u-uffv |
| summary |
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1906 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19734 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19712 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19792 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19844 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19847 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19802 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19745 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.1972 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19722 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19785 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19931 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00063 |
| scoring_system |
epss |
| scoring_elements |
0.19986 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1906 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1906, GHSA-c4mc-49hq-q275
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tetf-xa1u-uffv |
|
| 68 |
| url |
VCID-txcc-y6jy-q7a6 |
| vulnerability_id |
VCID-txcc-y6jy-q7a6 |
| summary |
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2293 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45134 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45215 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45237 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.4518 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45235 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45255 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45223 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45225 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45276 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.4527 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45221 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2293 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2293
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-txcc-y6jy-q7a6 |
|
| 69 |
| url |
VCID-txx3-3fzg-33cp |
| vulnerability_id |
VCID-txx3-3fzg-33cp |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3870 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09469 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09496 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09483 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09435 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09361 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09397 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09401 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09451 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09345 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09344 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09452 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3870 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3870, GHSA-qh3g-27jf-3j54
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-txx3-3fzg-33cp |
|
| 70 |
| url |
VCID-u5hk-xgp2-4qea |
| vulnerability_id |
VCID-u5hk-xgp2-4qea |
| summary |
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6516 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44252 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44324 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4421 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44278 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.443 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44233 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44285 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4429 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44308 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44275 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44333 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6516 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6516
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u5hk-xgp2-4qea |
|
| 71 |
| url |
VCID-u983-ve5j-gkgr |
| vulnerability_id |
VCID-u983-ve5j-gkgr |
| summary |
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7331 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60128 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60205 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.6023 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60198 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60248 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60262 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60283 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60269 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.6025 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.6029 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60297 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60284 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7331 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7331
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u983-ve5j-gkgr |
|
| 72 |
| url |
VCID-ugqt-zyga-1ydy |
| vulnerability_id |
VCID-ugqt-zyga-1ydy |
| summary |
puppet: puppet server and puppetDB may leak sensitive information via metrics API |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7943 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98474 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98495 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98487 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98493 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98494 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98475 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98479 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.9848 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98483 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98485 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98488 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7943 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-7943
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ugqt-zyga-1ydy |
|
| 73 |
| url |
VCID-v1kq-tkfx-bycx |
| vulnerability_id |
VCID-v1kq-tkfx-bycx |
| summary |
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4962 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57416 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57499 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.5752 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57496 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57548 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57552 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57568 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57547 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57525 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57528 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4962 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4962
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kq-tkfx-bycx |
|
| 74 |
| url |
VCID-v61q-45uv-uuf7 |
| vulnerability_id |
VCID-v61q-45uv-uuf7 |
| summary |
puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11751 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44826 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44909 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44928 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44869 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44922 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44924 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44945 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44913 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44915 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44968 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44961 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44912 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11751 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-11751
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v61q-45uv-uuf7 |
|
| 75 |
| url |
VCID-v9kt-4vxm-ekdw |
| vulnerability_id |
VCID-v9kt-4vxm-ekdw |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6120 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12924 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12968 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13059 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13111 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12914 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12994 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13045 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.13007 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12923 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12823 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12826 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6120 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-6120
|
| risk_score |
0.9 |
| exploitability |
0.5 |
| weighted_severity |
1.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v9kt-4vxm-ekdw |
|
| 76 |
| url |
VCID-vgbw-4yuu-57fz |
| vulnerability_id |
VCID-vgbw-4yuu-57fz |
| summary |
Low severity vulnerability that affects puppet
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3866 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15529 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15712 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15776 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.1558 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15666 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15725 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15692 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15657 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15593 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.1552 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0005 |
| scoring_system |
epss |
| scoring_elements |
0.15674 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3866 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3866, GHSA-8jxj-9r5f-w3m2
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbw-4yuu-57fz |
|
| 77 |
| url |
VCID-vrzs-81t1-jyax |
| vulnerability_id |
VCID-vrzs-81t1-jyax |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3872 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.85995 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86006 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86023 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86022 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86042 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86051 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86065 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86063 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86058 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86076 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86081 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02778 |
| scoring_system |
epss |
| scoring_elements |
0.86073 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-3872 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3872
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vrzs-81t1-jyax |
|
| 78 |
| url |
VCID-vyk2-e5pa-bff3 |
| vulnerability_id |
VCID-vyk2-e5pa-bff3 |
| summary |
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-6501 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40687 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40771 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40798 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40723 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40773 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40781 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.408 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40765 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40746 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40791 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40761 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40683 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-6501 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-6501
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vyk2-e5pa-bff3 |
|
| 79 |
| url |
VCID-wage-71h9-6qay |
| vulnerability_id |
VCID-wage-71h9-6qay |
| summary |
Moderate severity vulnerability that affects puppet
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3867 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80599 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80571 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80578 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80544 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80604 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80601 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80536 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80592 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80575 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80565 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80516 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.01418 |
| scoring_system |
epss |
| scoring_elements |
0.80522 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3867 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3867, GHSA-q44r-f2hm-v76v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay |
|
| 80 |
| url |
VCID-wdwr-8m6q-kff5 |
| vulnerability_id |
VCID-wdwr-8m6q-kff5 |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1654 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64032 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63902 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63961 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63988 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63948 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63998 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64016 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64028 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64014 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.63984 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00458 |
| scoring_system |
epss |
| scoring_elements |
0.64019 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1654 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1654
|
| risk_score |
2.2 |
| exploitability |
0.5 |
| weighted_severity |
4.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wdwr-8m6q-kff5 |
|
| 81 |
| url |
VCID-wkb1-dm1m-67db |
| vulnerability_id |
VCID-wkb1-dm1m-67db |
| summary |
Multiple vulnerabilities have been found in Puppet Agent, the worst of which could result in the execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5714 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77138 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77147 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77044 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77049 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77078 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.7706 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77092 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77102 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77129 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77109 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77105 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0101 |
| scoring_system |
epss |
| scoring_elements |
0.77145 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5714 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-5714
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wkb1-dm1m-67db |
|
| 82 |
| url |
VCID-wnjy-ggeb-eqcn |
| vulnerability_id |
VCID-wnjy-ggeb-eqcn |
| summary |
puppet: Environment leakage in puppet-agent |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-10690 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41184 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41277 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41306 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.4123 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41281 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41288 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.4131 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41278 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41264 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41308 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41279 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41206 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-10690 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-10690
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wnjy-ggeb-eqcn |
|
| 83 |
| url |
VCID-ww8x-tzxr-4qbn |
| vulnerability_id |
VCID-ww8x-tzxr-4qbn |
| summary |
Improper Link Resolution Before File Access ('Link Following')
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0156 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12795 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12833 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12736 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1277 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1266 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12653 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.1275 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12816 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12867 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12785 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12883 |
| published_at |
2026-04-02T12:55:00Z |
|
| 11 |
| value |
0.00042 |
| scoring_system |
epss |
| scoring_elements |
0.12933 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0156 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0156, GHSA-vrh7-99jh-3fmm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ww8x-tzxr-4qbn |
|
| 84 |
| url |
VCID-xqap-n8rp-g7fn |
| vulnerability_id |
VCID-xqap-n8rp-g7fn |
| summary |
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2294 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53738 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53757 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53785 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53758 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.5381 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53808 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53856 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53839 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53822 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53859 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53864 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53844 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2294 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2294
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xqap-n8rp-g7fn |
|
| 85 |
| url |
VCID-y3ft-rkcs-7kg2 |
| vulnerability_id |
VCID-y3ft-rkcs-7kg2 |
| summary |
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allow for remote code execution on the console node. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5716 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82931 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82947 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82959 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82956 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82981 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82989 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.83005 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84838 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84833 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84854 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84853 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5716 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-5716
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y3ft-rkcs-7kg2 |
|
| 86 |
| url |
VCID-yycs-ny3v-pyeh |
| vulnerability_id |
VCID-yycs-ny3v-pyeh |
| summary |
Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1986 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.58974 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59049 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59071 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59036 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59087 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59093 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59111 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59075 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.5911 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59115 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00374 |
| scoring_system |
epss |
| scoring_elements |
0.59095 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1986 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1986
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yycs-ny3v-pyeh |
|