Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
purl pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-6raq-jq1v-cyde Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation. CVE-2014-3251
VCID-7ypq-wmb7-quhc Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. CVE-2014-3248
GHSA-92v7-pq4h-58j5
VCID-casd-wvax-8yde mcollective: Improper validation of fields in MCollective pings CVE-2016-2788
VCID-e88t-j5b4-s7ba A vulnerability in MCollective might allow remote attackers to execute arbitrary code. CVE-2017-2292
VCID-m57c-zm42-rqh9 mcollective: world readable client config CVE-2014-0164

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:03:41.549576+00:00 Debian Importer Fixing VCID-casd-wvax-8yde https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:59:14.853672+00:00 Debian Importer Fixing VCID-6raq-jq1v-cyde https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:53:05.788726+00:00 Debian Importer Fixing VCID-e88t-j5b4-s7ba https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:22:11.624367+00:00 Debian Importer Fixing VCID-7ypq-wmb7-quhc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:47:06.275251+00:00 Debian Importer Fixing VCID-m57c-zm42-rqh9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:58:45.963965+00:00 Debian Importer Fixing VCID-casd-wvax-8yde https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:55:23.769422+00:00 Debian Importer Fixing VCID-6raq-jq1v-cyde https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:50:44.101939+00:00 Debian Importer Fixing VCID-e88t-j5b4-s7ba https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:27:47.781185+00:00 Debian Importer Fixing VCID-7ypq-wmb7-quhc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:54:03.823561+00:00 Debian Importer Fixing VCID-m57c-zm42-rqh9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:45:38.734008+00:00 Debian Importer Fixing VCID-e88t-j5b4-s7ba https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:45:38.700862+00:00 Debian Importer Fixing VCID-casd-wvax-8yde https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:45:38.666943+00:00 Debian Importer Fixing VCID-6raq-jq1v-cyde https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:45:38.632209+00:00 Debian Importer Fixing VCID-7ypq-wmb7-quhc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:45:38.594455+00:00 Debian Importer Fixing VCID-m57c-zm42-rqh9 https://security-tracker.debian.org/tracker/data/json 38.1.0