VulnerableCode Package Details - pkg:deb/debian/mcollective@2.0.0%2Bdfsg-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-6raq-jq1v-cyde Aliases: CVE-2014-3251	Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation.	2.6.0+dfsg-2.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7ypq-wmb7-quhc Aliases: CVE-2014-3248 GHSA-92v7-pq4h-58j5	Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.	2.6.0+dfsg-2.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-casd-wvax-8yde Aliases: CVE-2016-2788	mcollective: Improper validation of fields in MCollective pings	2.12.1+dfsg-1 Affected by 0 other vulnerabilities.
VCID-e88t-j5b4-s7ba Aliases: CVE-2017-2292	A vulnerability in MCollective might allow remote attackers to execute arbitrary code.	2.12.1+dfsg-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6raq-jq1v-cyde
Aliases:
CVE-2014-3251

Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation.

2.6.0+dfsg-2.1
Affected by 2 other vulnerabilities.

VCID-7ypq-wmb7-quhc
Aliases:
CVE-2014-3248
GHSA-92v7-pq4h-58j5

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.

2.6.0+dfsg-2.1
Affected by 2 other vulnerabilities.

VCID-casd-wvax-8yde
Aliases:
CVE-2016-2788

mcollective: Improper validation of fields in MCollective pings

2.12.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-e88t-j5b4-s7ba
Aliases:
CVE-2017-2292

A vulnerability in MCollective might allow remote attackers to execute arbitrary code.

2.12.1+dfsg-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:24:30.674774+00:00	Debian Oval Importer	Affected by	VCID-casd-wvax-8yde	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:22:48.422755+00:00	Debian Oval Importer	Affected by	VCID-6raq-jq1v-cyde	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:38:35.452816+00:00	Debian Oval Importer	Affected by	VCID-e88t-j5b4-s7ba	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:55:52.053500+00:00	Debian Oval Importer	Affected by	VCID-7ypq-wmb7-quhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T23:57:58.882805+00:00	Debian Oval Importer	Affected by	VCID-casd-wvax-8yde	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:58:18.406428+00:00	Debian Oval Importer	Affected by	VCID-6raq-jq1v-cyde	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:21:13.956455+00:00	Debian Oval Importer	Affected by	VCID-e88t-j5b4-s7ba	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:41:46.381451+00:00	Debian Oval Importer	Affected by	VCID-7ypq-wmb7-quhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:29:38.928559+00:00	Debian Oval Importer	Affected by	VCID-casd-wvax-8yde	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:32:32.892978+00:00	Debian Oval Importer	Affected by	VCID-6raq-jq1v-cyde	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:04:57.982248+00:00	Debian Oval Importer	Affected by	VCID-e88t-j5b4-s7ba	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:29:05.223077+00:00	Debian Oval Importer	Affected by	VCID-7ypq-wmb7-quhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0