Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1
purl pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1
Next non-vulnerable version 5.5.10-4
Latest non-vulnerable version 5.5.10-4
Risk 3.6
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-18aq-72zg-3uc9
Aliases:
CVE-2017-2295
puppet: Unsafe YAML deserialization
4.8.2-5
Affected by 1 other vulnerability.
VCID-8xgm-pabz-hkeg
Aliases:
CVE-2017-10689
GHSA-vw22-465p-8j5w
Improper Privilege Management In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
5.5.10-4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-bt3p-h1js-53gg Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0. CVE-2016-5713
VCID-wkb1-dm1m-67db Multiple vulnerabilities have been found in Puppet Agent, the worst of which could result in the execution of arbitrary code. CVE-2016-5714

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:45:08.017708+00:00 Debian Oval Importer Fixing VCID-bt3p-h1js-53gg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:56:30.407119+00:00 Debian Oval Importer Affected by VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:10:31.451402+00:00 Debian Oval Importer Fixing VCID-wkb1-dm1m-67db https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:44:16.055212+00:00 Debian Oval Importer Affected by VCID-8xgm-pabz-hkeg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-12T00:17:47.632863+00:00 Debian Oval Importer Fixing VCID-bt3p-h1js-53gg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:36:53.054452+00:00 Debian Oval Importer Affected by VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:52:14.436216+00:00 Debian Oval Importer Fixing VCID-wkb1-dm1m-67db https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:31:06.376225+00:00 Debian Oval Importer Affected by VCID-8xgm-pabz-hkeg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:48:39.727348+00:00 Debian Oval Importer Fixing VCID-bt3p-h1js-53gg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:16:58.960582+00:00 Debian Oval Importer Affected by VCID-18aq-72zg-3uc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:34:30.781213+00:00 Debian Oval Importer Fixing VCID-wkb1-dm1m-67db https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:22:17.042481+00:00 Debian Oval Importer Affected by VCID-8xgm-pabz-hkeg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0