The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Puppet

libcurl: Man-in-the-Middle via Inferior OCSP Verification
An attacker can act as a Man-in-the-Middle via Inferior OCSP Verification on libcurl, in order to read or write data in the session...
6409294, CVE-2020-8286, DLA-2500-1, FEDORA-2020-7ab62c73bc, FEDORA-2020-ceaf490686, K15402727, openSUSE-SU-2020:2238-1, openSUSE-SU-2020:2249-1, SSA:2020-344-01, SUSE-SU-2020:3733-1, SUSE-SU-2020:3735-1, SUSE-SU-2020:3739-1, USN-4665-1, USN-4665-2, VIGILANCE-VUL-34068
libcurl: denial of service via FTP Wildcard
An attacker can trigger a fatal error via FTP Wildcard of libcurl, in order to trigger a denial of service...
6409294, CVE-2020-8285, DLA-2500-1, FEDORA-2020-7ab62c73bc, FEDORA-2020-ceaf490686, K61186963, openSUSE-SU-2020:2238-1, openSUSE-SU-2020:2249-1, SSA:2020-344-01, SUSE-SU-2020:14585-1, SUSE-SU-2020:3733-1, SUSE-SU-2020:3735-1, SUSE-SU-2020:3739-1, USN-4665-1, USN-4665-2, VIGILANCE-VUL-34067
curl: information disclosure via FTP PASV Responses
An attacker can bypass access restrictions to data via FTP PASV Responses of curl, in order to obtain sensitive information...
CVE-2020-8284, DLA-2500-1, FEDORA-2020-7ab62c73bc, FEDORA-2020-ceaf490686, K63525058, openSUSE-SU-2020:2238-1, openSUSE-SU-2020:2249-1, SSA:2020-344-01, SUSE-SU-2020:14585-1, SUSE-SU-2020:3733-1, SUSE-SU-2020:3735-1, SUSE-SU-2020:3739-1, USN-4665-1, USN-4665-2, VIGILANCE-VUL-34066
PostgreSQL: three vulnerabilities
An attacker can use several vulnerabilities of PostgreSQL...
CERTFR-2020-AVI-744, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696, DLA-2478-1, openSUSE-SU-2020:2018-1, openSUSE-SU-2020:2019-1, openSUSE-SU-2020:2028-1, openSUSE-SU-2020:2029-1, openSUSE-SU-2021:0337-1, RHSA-2020:5316-01, RHSA-2020:5317-01, RHSA-2020:5401-01, RHSA-2020:5567-01, RHSA-2020:5619-01, RHSA-2020:5620-01, RHSA-2020:5638-01, RHSA-2020:5661-01, RHSA-2020:5664-01, RHSA-2021:0057-01, RHSA-2021:0161-01, RHSA-2021:0163-01, RHSA-2021:0164-01, RHSA-2021:0165-01, RHSA-2021:0166-01, RHSA-2021:0167-01, SUSE-SU-2020:3343-1, SUSE-SU-2020:3425-1, SUSE-SU-2020:3455-1, SUSE-SU-2020:3463-1, SUSE-SU-2020:3464-1, SUSE-SU-2020:3476-1, SUSE-SU-2020:3477-1, SUSE-SU-2020:3630-1, SUSE-SU-2021:0175-1, SUSE-SU-2021:0217-1, USN-4633-1, VIGILANCE-VUL-33897
Continuous Delivery for Puppet Enterprise: information disclosure via Impact Analysis Report
An attacker can bypass access restrictions to data via Impact Analysis Report of Continuous Delivery for Puppet Enterprise, in order to obtain sensitive information...
CVE-2020-7944, VIGILANCE-VUL-32610
OpenSSL: NULL pointer dereference via SSL_check_chain
An attacker can force a NULL pointer to be dereferenced via SSL_check_chain() of OpenSSL, in order to trigger a denial of service...
6235728, 6409294, bulletinjul2020, CERTFR-2020-AVI-235, cpujul2020, cpuoct2020, CVE-2020-1967, DSA-4661-1, FreeBSD-SA-20:11.openssl, JSA11074, openSUSE-SU-2020:0933-1, openSUSE-SU-2020:0945-1, SUSE-SU-2020:1058-1, SUSE-SU-2020:2041-1, VIGILANCE-VUL-32076
Ruby: information disclosure via Socket Library
A local attacker can read a memory fragment via Socket Library of Ruby, in order to obtain sensitive information...
CVE-2020-10933, DSA-4721-1, FEDORA-2020-a95706b117, openSUSE-SU-2020:0586-1, VIGILANCE-VUL-32164
Puppet: information disclosure
An attacker can bypass access restrictions to data of Puppet, in order to obtain sensitive information...
CVE-2020-7943, VIGILANCE-VUL-31762
Puppet: information disclosure via Compromised Certificate
An attacker can bypass access restrictions to data via Compromised Certificate of Puppet, in order to obtain sensitive information...
CVE-2020-7942, SUSE-SU-2020:1057-1, VIGILANCE-VUL-31632
RubyGem Rack: privilege escalation via Session ID Time Measurement
An attacker can bypass restrictions via Session ID Time Measurement of RubyGem Rack, in order to escalate his privileges...
CVE-2019-16782, FEDORA-2020-57fc0d0156, openSUSE-SU-2020:0214-1, SUSE-SU-2020:0359-1, VIGILANCE-VUL-31365
Our database contains other pages. You can request a free trial to read them.

Display information about Puppet: