Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/puppet@3.7.2-4%2Bdeb8u1
purl pkg:deb/debian/puppet@3.7.2-4%2Bdeb8u1
Next non-vulnerable version 5.5.10-4
Latest non-vulnerable version 5.5.10-4
Risk 4.4
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-18aq-72zg-3uc9
Aliases:
CVE-2017-2295
puppet: Unsafe YAML deserialization
4.8.2-5
Affected by 1 other vulnerability.
VCID-8xgm-pabz-hkeg
Aliases:
CVE-2017-10689
GHSA-vw22-465p-8j5w
Improper Privilege Management In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
5.5.10-4
Affected by 0 other vulnerabilities.
VCID-bt3p-h1js-53gg
Aliases:
CVE-2016-5713
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
4.8.2-5~bpo8+1
Affected by 2 other vulnerabilities.
VCID-wkb1-dm1m-67db
Aliases:
CVE-2016-5714
Multiple vulnerabilities have been found in Puppet Agent, the worst of which could result in the execution of arbitrary code.
4.8.2-5~bpo8+1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-18aq-72zg-3uc9 puppet: Unsafe YAML deserialization CVE-2017-2295

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:45:08.013808+00:00 Debian Oval Importer Affected by VCID-bt3p-h1js-53gg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:56:30.403524+00:00 Debian Oval Importer Affected by VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:10:31.447602+00:00 Debian Oval Importer Affected by VCID-wkb1-dm1m-67db https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:44:16.051857+00:00 Debian Oval Importer Affected by VCID-8xgm-pabz-hkeg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T13:24:23.540578+00:00 Debian Oval Importer Fixing VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.4.0
2026-04-12T00:17:47.631354+00:00 Debian Oval Importer Affected by VCID-bt3p-h1js-53gg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:36:53.050906+00:00 Debian Oval Importer Affected by VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:52:14.431088+00:00 Debian Oval Importer Affected by VCID-wkb1-dm1m-67db https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:31:06.372089+00:00 Debian Oval Importer Affected by VCID-8xgm-pabz-hkeg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T13:13:07.815431+00:00 Debian Oval Importer Fixing VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.3.0
2026-04-08T23:48:39.723418+00:00 Debian Oval Importer Affected by VCID-bt3p-h1js-53gg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:16:58.956275+00:00 Debian Oval Importer Affected by VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:34:30.776712+00:00 Debian Oval Importer Affected by VCID-wkb1-dm1m-67db https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:22:17.036951+00:00 Debian Oval Importer Affected by VCID-8xgm-pabz-hkeg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T13:12:22.656515+00:00 Debian Oval Importer Fixing VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.1.0