Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/mcollective@2.6.0%2Bdfsg-2.1
purl pkg:deb/debian/mcollective@2.6.0%2Bdfsg-2.1
Next non-vulnerable version 2.12.1+dfsg-1
Latest non-vulnerable version 2.12.1+dfsg-1
Risk 3.6
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-casd-wvax-8yde
Aliases:
CVE-2016-2788
mcollective: Improper validation of fields in MCollective pings
2.12.1+dfsg-1
Affected by 0 other vulnerabilities.
VCID-e88t-j5b4-s7ba
Aliases:
CVE-2017-2292
A vulnerability in MCollective might allow remote attackers to execute arbitrary code.
2.12.1+dfsg-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-6raq-jq1v-cyde Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation. CVE-2014-3251
VCID-7ypq-wmb7-quhc Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. CVE-2014-3248
GHSA-92v7-pq4h-58j5

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:24:30.678331+00:00 Debian Oval Importer Affected by VCID-casd-wvax-8yde https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:22:48.426461+00:00 Debian Oval Importer Fixing VCID-6raq-jq1v-cyde https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:38:35.456142+00:00 Debian Oval Importer Affected by VCID-e88t-j5b4-s7ba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:55:52.057564+00:00 Debian Oval Importer Fixing VCID-7ypq-wmb7-quhc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T23:57:58.886626+00:00 Debian Oval Importer Affected by VCID-casd-wvax-8yde https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:58:18.410333+00:00 Debian Oval Importer Fixing VCID-6raq-jq1v-cyde https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:21:13.960307+00:00 Debian Oval Importer Affected by VCID-e88t-j5b4-s7ba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:41:46.385768+00:00 Debian Oval Importer Fixing VCID-7ypq-wmb7-quhc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:29:38.933654+00:00 Debian Oval Importer Affected by VCID-casd-wvax-8yde https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:32:32.897801+00:00 Debian Oval Importer Fixing VCID-6raq-jq1v-cyde https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:04:57.987044+00:00 Debian Oval Importer Affected by VCID-e88t-j5b4-s7ba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:29:05.228948+00:00 Debian Oval Importer Fixing VCID-7ypq-wmb7-quhc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0