| 0 |
| url |
VCID-1dbs-z8sn-e3fv |
| vulnerability_id |
VCID-1dbs-z8sn-e3fv |
| summary |
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7328 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07356 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07271 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07396 |
| published_at |
2026-04-21T12:55:00Z |
|
| 3 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07137 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07265 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07309 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07293 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07348 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07376 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07372 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07359 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07346 |
| published_at |
2026-04-13T12:55:00Z |
|
| 12 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07276 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7328 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7328
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1dbs-z8sn-e3fv |
|
| 1 |
| url |
VCID-37yk-3v22-4qg7 |
| vulnerability_id |
VCID-37yk-3v22-4qg7 |
| summary |
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6512 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78301 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78268 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78185 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78194 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78224 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78232 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78238 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78264 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78247 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78242 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78274 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.0112 |
| scoring_system |
epss |
| scoring_elements |
0.78271 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6512 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6512
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-37yk-3v22-4qg7 |
|
| 2 |
| url |
VCID-3jdp-jh74-37c6 |
| vulnerability_id |
VCID-3jdp-jh74-37c6 |
| summary |
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4958 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12509 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12612 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12653 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12465 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12544 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12594 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12561 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.1252 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12481 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12384 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12388 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12504 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12511 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4958 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4958
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3jdp-jh74-37c6 |
|
| 3 |
| url |
VCID-4tw7-zg73-q3cd |
| vulnerability_id |
VCID-4tw7-zg73-q3cd |
| summary |
A privilege escalation allowing remote code execution was discovered in the orchestration service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-2530 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07317 |
| scoring_system |
epss |
| scoring_elements |
0.91652 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91923 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.9193 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91943 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91948 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91951 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.9195 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91947 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91966 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91964 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.9196 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.07758 |
| scoring_system |
epss |
| scoring_elements |
0.91965 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-2530 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-2530
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4tw7-zg73-q3cd |
|
| 4 |
| url |
VCID-56xc-5fxu-kka3 |
| vulnerability_id |
VCID-56xc-5fxu-kka3 |
| summary |
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4762 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4749 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4752 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47541 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47489 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47544 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4754 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47563 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47539 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47547 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47605 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47598 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47549 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4762 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4762
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-56xc-5fxu-kka3 |
|
| 5 |
| url |
VCID-5uhz-zcuf-4uej |
| vulnerability_id |
VCID-5uhz-zcuf-4uej |
| summary |
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4966 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.4496 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45041 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45063 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45006 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45058 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.4508 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45048 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45051 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.451 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45094 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.45046 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44957 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4966 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4966
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5uhz-zcuf-4uej |
|
| 6 |
| url |
VCID-6vjt-rsq7-ekc9 |
| vulnerability_id |
VCID-6vjt-rsq7-ekc9 |
| summary |
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1399 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30311 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30339 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30387 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30203 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30262 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30297 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30301 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30258 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30211 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30225 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30207 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30163 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30093 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1399 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1399
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vjt-rsq7-ekc9 |
|
| 7 |
| url |
VCID-729g-ky6n-1yfg |
| vulnerability_id |
VCID-729g-ky6n-1yfg |
| summary |
The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1398 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69846 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69859 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69874 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69851 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69899 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69915 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69939 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69923 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69909 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69952 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69962 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69944 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00616 |
| scoring_system |
epss |
| scoring_elements |
0.69995 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1398 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1398
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-729g-ky6n-1yfg |
|
| 8 |
| url |
VCID-7kzg-339v-vqbs |
| vulnerability_id |
VCID-7kzg-339v-vqbs |
| summary |
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-5158 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36465 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36641 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36673 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36511 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36562 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36582 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36588 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36553 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36529 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36573 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36556 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.365 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00157 |
| scoring_system |
epss |
| scoring_elements |
0.36271 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-5158 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-5158
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7kzg-339v-vqbs |
|
| 9 |
| url |
VCID-82mm-jjnu-sbfa |
| vulnerability_id |
VCID-82mm-jjnu-sbfa |
| summary |
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2296 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57596 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57681 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57703 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57677 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57732 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57734 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.5775 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57729 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.5771 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57739 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57735 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57713 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.5767 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2296 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2296
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-82mm-jjnu-sbfa |
|
| 10 |
| url |
VCID-84e7-2rxq-b7e1 |
| vulnerability_id |
VCID-84e7-2rxq-b7e1 |
| summary |
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27022 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56296 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56399 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56421 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56402 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56453 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56458 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56469 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56444 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56425 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56457 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56429 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00335 |
| scoring_system |
epss |
| scoring_elements |
0.56356 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27022 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27022
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84e7-2rxq-b7e1 |
|
| 11 |
| url |
VCID-92u1-6e9d-tqga |
| vulnerability_id |
VCID-92u1-6e9d-tqga |
| summary |
Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4963 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30311 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30339 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30387 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30203 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30262 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30297 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30301 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30258 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30211 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30225 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30207 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30163 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30093 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4963 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4963
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-92u1-6e9d-tqga |
|
| 12 |
| url |
VCID-a1p5-fyr1-wuaq |
| vulnerability_id |
VCID-a1p5-fyr1-wuaq |
| summary |
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4967 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48286 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48295 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4835 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48369 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48405 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.484 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48339 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4967 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4967
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a1p5-fyr1-wuaq |
|
| 13 |
| url |
VCID-bccx-uph7-67cj |
| vulnerability_id |
VCID-bccx-uph7-67cj |
| summary |
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6510 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48679 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48725 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48721 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48607 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48648 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48669 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48622 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48675 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48672 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.4869 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48664 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48677 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6510 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6510
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bccx-uph7-67cj |
|
| 14 |
| url |
VCID-bjts-v9q2-9yg8 |
| vulnerability_id |
VCID-bjts-v9q2-9yg8 |
| summary |
several |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4073 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.8572 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85732 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85751 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85757 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85776 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85786 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85801 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85798 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85794 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85812 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85817 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85811 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.02664 |
| scoring_system |
epss |
| scoring_elements |
0.85834 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4073 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4073, GHSA-3gpq-xx45-4rr9, OSV-94628
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bjts-v9q2-9yg8 |
|
| 15 |
| url |
VCID-bqtz-8vkk-xbg6 |
| vulnerability_id |
VCID-bqtz-8vkk-xbg6 |
| summary |
puppet: Puppet Server ReDoS |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-1894 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17426 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17197 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17253 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17259 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17292 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17473 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17252 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17343 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17402 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17415 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17366 |
| published_at |
2026-04-12T12:55:00Z |
|
| 11 |
| value |
0.00055 |
| scoring_system |
epss |
| scoring_elements |
0.17312 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-1894 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-1894
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bqtz-8vkk-xbg6 |
|
| 16 |
| url |
VCID-bsa9-fu5y-p7at |
| vulnerability_id |
VCID-bsa9-fu5y-p7at |
| summary |
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6511 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48679 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48725 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48721 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48607 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48648 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48669 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48622 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48675 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48672 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.4869 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48664 |
| published_at |
2026-04-24T12:55:00Z |
|
| 11 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48677 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6511 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6511
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bsa9-fu5y-p7at |
|
| 17 |
| url |
VCID-bu53-ez2r-vfcr |
| vulnerability_id |
VCID-bu53-ez2r-vfcr |
| summary |
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4961 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48286 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48295 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4835 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48369 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48405 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.484 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48339 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4961 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4961
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bu53-ez2r-vfcr |
|
| 18 |
| url |
VCID-d6vw-w8g1-q7fk |
| vulnerability_id |
VCID-d6vw-w8g1-q7fk |
| summary |
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4100 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.5075 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50802 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50687 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50741 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50766 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50722 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50778 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50775 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50818 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50794 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50779 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50817 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00274 |
| scoring_system |
epss |
| scoring_elements |
0.50824 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-4100 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-4100
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d6vw-w8g1-q7fk |
|
| 19 |
| url |
VCID-dnjn-tqgb-g7fs |
| vulnerability_id |
VCID-dnjn-tqgb-g7fs |
| summary |
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4964 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4749 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4752 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47541 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47489 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47544 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.4754 |
| published_at |
2026-04-24T12:55:00Z |
|
| 6 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47563 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47539 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47547 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47605 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47598 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00243 |
| scoring_system |
epss |
| scoring_elements |
0.47549 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4964 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4964
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dnjn-tqgb-g7fs |
|
| 20 |
| url |
VCID-eggd-sxe6-dbh3 |
| vulnerability_id |
VCID-eggd-sxe6-dbh3 |
| summary |
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5715 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71736 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71743 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71762 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71737 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71776 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71787 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71811 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71794 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71819 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71825 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71807 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.0069 |
| scoring_system |
epss |
| scoring_elements |
0.71854 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5715 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-5715
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eggd-sxe6-dbh3 |
|
| 21 |
| url |
VCID-ekj3-h7sp-33fg |
| vulnerability_id |
VCID-ekj3-h7sp-33fg |
| summary |
Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4965 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72443 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72448 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72466 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72442 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72481 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72493 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72516 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72499 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72489 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72531 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.7254 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72529 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00721 |
| scoring_system |
epss |
| scoring_elements |
0.72572 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4965 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4965
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ekj3-h7sp-33fg |
|
| 22 |
| url |
VCID-eqmw-4ast-tqc3 |
| vulnerability_id |
VCID-eqmw-4ast-tqc3 |
| summary |
Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4971 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48286 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48295 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4835 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48369 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48405 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.484 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48339 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4971 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4971
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eqmw-4ast-tqc3 |
|
| 23 |
| url |
VCID-he38-9hxb-9ycb |
| vulnerability_id |
VCID-he38-9hxb-9ycb |
| summary |
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2297 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53493 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53517 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53543 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53512 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53562 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53558 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53608 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.5359 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53573 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53609 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53615 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.53598 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00302 |
| scoring_system |
epss |
| scoring_elements |
0.5356 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2297 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2297
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-he38-9hxb-9ycb |
|
| 24 |
| url |
VCID-hexs-rr6c-pqap |
| vulnerability_id |
VCID-hexs-rr6c-pqap |
| summary |
puppet-agent: Deserialization of untrusted data |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27017 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30323 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30354 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30111 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30239 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30221 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30175 |
| published_at |
2026-04-21T12:55:00Z |
|
| 6 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30401 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30216 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30276 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30311 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30315 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.3027 |
| published_at |
2026-04-12T12:55:00Z |
|
| 12 |
| value |
0.00116 |
| scoring_system |
epss |
| scoring_elements |
0.30224 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27017 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27017
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hexs-rr6c-pqap |
|
| 25 |
| url |
VCID-muyn-v1ah-27br |
| vulnerability_id |
VCID-muyn-v1ah-27br |
| summary |
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11749 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3489 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35087 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35115 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34994 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35039 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35067 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3507 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35035 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.35012 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.3505 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34988 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00146 |
| scoring_system |
epss |
| scoring_elements |
0.34757 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11749 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-11749
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-muyn-v1ah-27br |
|
| 26 |
| url |
VCID-mv4z-k16a-hfgr |
| vulnerability_id |
VCID-mv4z-k16a-hfgr |
| summary |
Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9355 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26182 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26415 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26465 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26509 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26284 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26352 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26402 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26411 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26364 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26306 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26316 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26289 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.00095 |
| scoring_system |
epss |
| scoring_elements |
0.26253 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9355 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-9355
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mv4z-k16a-hfgr |
|
| 27 |
| url |
VCID-mz9n-ttkc-bfhx |
| vulnerability_id |
VCID-mz9n-ttkc-bfhx |
| summary |
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9686 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59203 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59277 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.593 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59264 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59314 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59327 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.5933 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59312 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59345 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59352 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.59332 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00377 |
| scoring_system |
epss |
| scoring_elements |
0.5931 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9686 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9686
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mz9n-ttkc-bfhx |
|
| 28 |
| url |
VCID-n8dt-ef15-wfgv |
| vulnerability_id |
VCID-n8dt-ef15-wfgv |
| summary |
puppet-agent: pxp-agent attempts to configure OpenSSL from uncontrolled location |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6515 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4421 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44171 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44324 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44252 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44278 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.443 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44233 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44285 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4429 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44308 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44275 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44333 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6515 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6515
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n8dt-ef15-wfgv |
|
| 29 |
| url |
VCID-p3cs-jvy5-pyda |
| vulnerability_id |
VCID-p3cs-jvy5-pyda |
| summary |
Multiple vulnerabilities have been found in Puppet Server and
Agent, the worst of which could lead to arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2786 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72305 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.7226 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72178 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72183 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72203 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72215 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72228 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.7225 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72234 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.7222 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72263 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0071 |
| scoring_system |
epss |
| scoring_elements |
0.72273 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2786 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2786
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p3cs-jvy5-pyda |
|
| 30 |
| url |
VCID-pj4s-vjbb-u7h7 |
| vulnerability_id |
VCID-pj4s-vjbb-u7h7 |
| summary |
Improper Access Control
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2785 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.37969 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38122 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38273 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38296 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38164 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38214 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38223 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38242 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38206 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38182 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38229 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38209 |
| published_at |
2026-04-18T12:55:00Z |
|
| 12 |
| value |
0.0017 |
| scoring_system |
epss |
| scoring_elements |
0.38143 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2785 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2785, GHSA-pqj5-7r86-64fv
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4s-vjbb-u7h7 |
|
| 31 |
| url |
VCID-prfa-kwxa-hya6 |
| vulnerability_id |
VCID-prfa-kwxa-hya6 |
| summary |
puppet: Denial of Service for Revocation of Auto Renewed Certificates |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5255 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33504 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33457 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33537 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33378 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33422 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.3346 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00136 |
| scoring_system |
epss |
| scoring_elements |
0.33419 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35489 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35467 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35231 |
| published_at |
2026-04-24T12:55:00Z |
|
| 10 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35519 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0015 |
| scoring_system |
epss |
| scoring_elements |
0.35529 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5255 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-5255
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-prfa-kwxa-hya6 |
|
| 32 |
| url |
VCID-qs9z-st4f-gkcq |
| vulnerability_id |
VCID-qs9z-st4f-gkcq |
| summary |
Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3249 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48339 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48286 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48322 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48343 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48295 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.4835 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48344 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48369 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48342 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48354 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48405 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.484 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-3249 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-3249
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qs9z-st4f-gkcq |
|
| 33 |
| url |
VCID-rqbn-6eng-tyhs |
| vulnerability_id |
VCID-rqbn-6eng-tyhs |
| summary |
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6513 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57779 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57821 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57708 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57792 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57813 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57786 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57841 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57843 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57859 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57838 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57816 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57845 |
| published_at |
2026-04-16T12:55:00Z |
|
| 12 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57844 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6513 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6513
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rqbn-6eng-tyhs |
|
| 34 |
| url |
VCID-rt19-c3m9-yyfx |
| vulnerability_id |
VCID-rt19-c3m9-yyfx |
| summary |
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4968 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55499 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.5561 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55635 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55612 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55664 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55667 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55676 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55656 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55638 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55677 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55681 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.5566 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00327 |
| scoring_system |
epss |
| scoring_elements |
0.55587 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4968 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4968
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rt19-c3m9-yyfx |
|
| 35 |
| url |
VCID-s3wm-tmvz-tbhj |
| vulnerability_id |
VCID-s3wm-tmvz-tbhj |
| summary |
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27020 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65664 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65714 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65744 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.6571 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65763 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65774 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65795 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65781 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65752 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65787 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.65801 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00495 |
| scoring_system |
epss |
| scoring_elements |
0.658 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-27020 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-27020
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s3wm-tmvz-tbhj |
|
| 36 |
| url |
VCID-s8jz-vr9t-87dy |
| vulnerability_id |
VCID-s8jz-vr9t-87dy |
| summary |
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2787 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38666 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38794 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38815 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38743 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38793 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38804 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38817 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.3878 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38753 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38798 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38776 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38697 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38541 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-2787 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-2787
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s8jz-vr9t-87dy |
|
| 37 |
| url |
VCID-sd5c-wx86-t3c1 |
| vulnerability_id |
VCID-sd5c-wx86-t3c1 |
| summary |
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4959 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17591 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17754 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17801 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17529 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17618 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.1768 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17697 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17652 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17601 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17546 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17555 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17588 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17499 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4959 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4959
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sd5c-wx86-t3c1 |
|
| 38 |
| url |
VCID-sqqa-bcxy-9uht |
| vulnerability_id |
VCID-sqqa-bcxy-9uht |
| summary |
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4955 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.44989 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45071 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45093 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45035 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45088 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.4511 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45078 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.4508 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45129 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45122 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.45073 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00224 |
| scoring_system |
epss |
| scoring_elements |
0.44985 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4955 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4955
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sqqa-bcxy-9uht |
|
| 39 |
| url |
VCID-txcc-y6jy-q7a6 |
| vulnerability_id |
VCID-txcc-y6jy-q7a6 |
| summary |
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2293 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45134 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45215 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45237 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.4518 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45235 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45255 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45223 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45225 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45276 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.4527 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45221 |
| published_at |
2026-04-21T12:55:00Z |
|
| 11 |
| value |
0.00225 |
| scoring_system |
epss |
| scoring_elements |
0.45133 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2293 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2293
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-txcc-y6jy-q7a6 |
|
| 40 |
| url |
VCID-u5hk-xgp2-4qea |
| vulnerability_id |
VCID-u5hk-xgp2-4qea |
| summary |
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6516 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44171 |
| published_at |
2026-04-24T12:55:00Z |
|
| 1 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44252 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4421 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44278 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.443 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44233 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44285 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.4429 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44308 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44275 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44333 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00217 |
| scoring_system |
epss |
| scoring_elements |
0.44324 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-6516 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6516
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u5hk-xgp2-4qea |
|
| 41 |
| url |
VCID-u983-ve5j-gkgr |
| vulnerability_id |
VCID-u983-ve5j-gkgr |
| summary |
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7331 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60128 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60205 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.6023 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60198 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60248 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60262 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60283 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60269 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.6025 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.6029 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60297 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60284 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00393 |
| scoring_system |
epss |
| scoring_elements |
0.60255 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-7331 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-7331
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u983-ve5j-gkgr |
|
| 42 |
| url |
VCID-ugqt-zyga-1ydy |
| vulnerability_id |
VCID-ugqt-zyga-1ydy |
| summary |
puppet: puppet server and puppetDB may leak sensitive information via metrics API |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7943 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98474 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98499 |
| published_at |
2026-04-24T12:55:00Z |
|
| 2 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98493 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98494 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98495 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98475 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98479 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.9848 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98483 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98485 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98488 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.65366 |
| scoring_system |
epss |
| scoring_elements |
0.98487 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-7943 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-7943
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ugqt-zyga-1ydy |
|
| 43 |
| url |
VCID-v1kq-tkfx-bycx |
| vulnerability_id |
VCID-v1kq-tkfx-bycx |
| summary |
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4962 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57416 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57499 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.5752 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57496 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57548 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57552 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57568 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57547 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57525 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57528 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.0035 |
| scoring_system |
epss |
| scoring_elements |
0.57487 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4962 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-4962
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kq-tkfx-bycx |
|
| 44 |
| url |
VCID-v61q-45uv-uuf7 |
| vulnerability_id |
VCID-v61q-45uv-uuf7 |
| summary |
puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11751 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44826 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44909 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44928 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44869 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44922 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44924 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44945 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44913 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44915 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44968 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44961 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44912 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00223 |
| scoring_system |
epss |
| scoring_elements |
0.44821 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11751 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-11751
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v61q-45uv-uuf7 |
|
| 45 |
| url |
VCID-vyk2-e5pa-bff3 |
| vulnerability_id |
VCID-vyk2-e5pa-bff3 |
| summary |
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-6501 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40687 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40771 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40798 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40723 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40773 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40781 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.408 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40765 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40746 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40791 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40761 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40683 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00189 |
| scoring_system |
epss |
| scoring_elements |
0.40586 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-6501 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-6501
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vyk2-e5pa-bff3 |
|
| 46 |
| url |
VCID-wnjy-ggeb-eqcn |
| vulnerability_id |
VCID-wnjy-ggeb-eqcn |
| summary |
puppet: Environment leakage in puppet-agent |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-10690 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41184 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41277 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41306 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.4123 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41281 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41288 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.4131 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41278 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41264 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41308 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41279 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41206 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00193 |
| scoring_system |
epss |
| scoring_elements |
0.41095 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-10690 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-10690
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wnjy-ggeb-eqcn |
|
| 47 |
| url |
VCID-xqap-n8rp-g7fn |
| vulnerability_id |
VCID-xqap-n8rp-g7fn |
| summary |
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2294 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53738 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53757 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53785 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53758 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.5381 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53808 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53856 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53839 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53822 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53859 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53864 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53844 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.00306 |
| scoring_system |
epss |
| scoring_elements |
0.53811 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-2294 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-2294
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xqap-n8rp-g7fn |
|
| 48 |
| url |
VCID-y3ft-rkcs-7kg2 |
| vulnerability_id |
VCID-y3ft-rkcs-7kg2 |
| summary |
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5716 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82931 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82947 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82959 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82956 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82981 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.82989 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0185 |
| scoring_system |
epss |
| scoring_elements |
0.83005 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84838 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84833 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84854 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84855 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84853 |
| published_at |
2026-04-21T12:55:00Z |
|
| 12 |
| value |
0.02331 |
| scoring_system |
epss |
| scoring_elements |
0.84879 |
| published_at |
2026-04-24T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-5716 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-5716
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y3ft-rkcs-7kg2 |
|