The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Puppet

Ruby REXML: spoofing via XML Round-trip
An attacker can create spoofed data via XML Round-trip of Ruby REXML, in order to deceive the victim...
CVE-2021-28965, FEDORA-2021-0ea39d8eb3, FEDORA-2021-6385a09efc, openSUSE-SU-2021:0607-1, RHSA-2021:2104-01, RHSA-2021:2229-01, RHSA-2021:2230-01, SUSE-SU-2021:1280-1, USN-4922-1, USN-4922-2, VIGILANCE-VUL-35104
libcurl: Man-in-the-Middle via TLS 1.3 Session Ticket Proxy Host Mixup
An attacker can act as a Man-in-the-Middle via TLS 1.3 Session Ticket Proxy Host Mixup on libcurl, in order to read or write data in the session...
CVE-2021-22890, DSA-4881-1, FEDORA-2021-26a293c72b, FEDORA-2021-cab5c9befb, openSUSE-SU-2021:0510-1, SSA:2021-090-01, SUSE-SU-2021:1006-1, USN-4898-1, VIGILANCE-VUL-34978
libcurl: information disclosure via Auto Referer Header Credentials
An attacker can bypass access restrictions to data via Auto Referer Header Credentials of libcurl, in order to obtain sensitive information...
CVE-2021-22876, DLA-2664-1, DSA-4881-1, FEDORA-2021-26a293c72b, FEDORA-2021-cab5c9befb, openSUSE-SU-2021:0510-1, SSA:2021-090-01, SUSE-SU-2021:1006-1, SUSE-SU-2021:1396-1, SUSE-SU-2021:14707-1, SUSE-SU-2021:1786-1, SUSE-SU-2021:1809-1, USN-4898-1, USN-4903-1, VIGILANCE-VUL-34977
OpenSSL: Man-in-the-Middle via X509_V_FLAG_X509_STRICT
An attacker can act as a Man-in-the-Middle via X509_V_FLAG_X509_STRICT on OpenSSL, in order to read or write data in the session...
6443733, CERTFR-2021-AVI-221, CERTFR-2021-AVI-235, cisco-sa-openssl-2021-GHY28dJd, cpuapr2021, CVE-2021-3450, FEDORA-2021-c11da301be, FEDORA-2021-d049f32a82, FEDORA-2021-d934acdb42, FEDORA-2021-f347d1c866, FreeBSD-SA-21:07.openssl, RHSA-2021:1024-01, SB10356, SSB-439005, TNS-2021-05, VIGILANCE-VUL-34943
libcurl: Man-in-the-Middle via Inferior OCSP Verification
An attacker can act as a Man-in-the-Middle via Inferior OCSP Verification on libcurl, in order to read or write data in the session...
6409294, CERTFR-2021-AVI-442, CVE-2020-8286, DLA-2500-1, DSA-4881-1, FEDORA-2020-7ab62c73bc, FEDORA-2020-ceaf490686, K15402727, openSUSE-SU-2020:2238-1, openSUSE-SU-2020:2249-1, RHSA-2021:1610-01, SSA-200951, SSA:2020-344-01, SUSE-SU-2020:3733-1, SUSE-SU-2020:3735-1, SUSE-SU-2020:3739-1, SUSE-SU-2021:1786-1, USN-4665-1, USN-4665-2, VIGILANCE-VUL-34068
libcurl: denial of service via FTP Wildcard
An attacker can trigger a fatal error via FTP Wildcard of libcurl, in order to trigger a denial of service...
6409294, CVE-2020-8285, DLA-2500-1, DSA-4881-1, FEDORA-2020-7ab62c73bc, FEDORA-2020-ceaf490686, K61186963, openSUSE-SU-2020:2238-1, openSUSE-SU-2020:2249-1, RHSA-2021:1610-01, SSA:2020-344-01, SUSE-SU-2020:14585-1, SUSE-SU-2020:3733-1, SUSE-SU-2020:3735-1, SUSE-SU-2020:3739-1, SUSE-SU-2021:1786-1, USN-4665-1, USN-4665-2, VIGILANCE-VUL-34067
curl: information disclosure via FTP PASV Responses
An attacker can bypass access restrictions to data via FTP PASV Responses of curl, in order to obtain sensitive information...
6453673, CVE-2020-8284, DLA-2500-1, DSA-4881-1, FEDORA-2020-7ab62c73bc, FEDORA-2020-ceaf490686, K63525058, openSUSE-SU-2020:2238-1, openSUSE-SU-2020:2249-1, RHSA-2021:1610-01, SSA:2020-344-01, SUSE-SU-2020:14585-1, SUSE-SU-2020:3733-1, SUSE-SU-2020:3735-1, SUSE-SU-2020:3739-1, SUSE-SU-2021:1786-1, USN-4665-1, USN-4665-2, VIGILANCE-VUL-34066
PostgreSQL: three vulnerabilities
An attacker can use several vulnerabilities of PostgreSQL...
CERTFR-2020-AVI-744, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696, DLA-2478-1, openSUSE-SU-2020:2018-1, openSUSE-SU-2020:2019-1, openSUSE-SU-2020:2028-1, openSUSE-SU-2020:2029-1, openSUSE-SU-2021:0337-1, RHSA-2020:5316-01, RHSA-2020:5317-01, RHSA-2020:5401-01, RHSA-2020:5567-01, RHSA-2020:5619-01, RHSA-2020:5620-01, RHSA-2020:5638-01, RHSA-2020:5661-01, RHSA-2020:5664-01, RHSA-2021:0057-01, RHSA-2021:0161-01, RHSA-2021:0163-01, RHSA-2021:0164-01, RHSA-2021:0165-01, RHSA-2021:0166-01, RHSA-2021:0167-01, RHSA-2021:1512-01, SUSE-SU-2020:3343-1, SUSE-SU-2020:3425-1, SUSE-SU-2020:3455-1, SUSE-SU-2020:3463-1, SUSE-SU-2020:3464-1, SUSE-SU-2020:3476-1, SUSE-SU-2020:3477-1, SUSE-SU-2020:3630-1, SUSE-SU-2021:0175-1, SUSE-SU-2021:0217-1, USN-4633-1, VIGILANCE-VUL-33897
WEBrick: information disclosure via Transfer-Encoding Header Smuggling
An attacker can bypass access restrictions to data via Transfer-Encoding Header Smuggling of WEBrick, in order to obtain sensitive information...
CVE-2020-25613, DLA-2391-1, DLA-2392-1, openSUSE-SU-2021:0471-1, RHSA-2021:2104-01, RHSA-2021:2229-01, RHSA-2021:2230-01, SUSE-SU-2021:0933-1, USN-4882-1, VIGILANCE-VUL-33468
Continuous Delivery for Puppet Enterprise: information disclosure via Impact Analysis Report
An attacker can bypass access restrictions to data via Impact Analysis Report of Continuous Delivery for Puppet Enterprise, in order to obtain sensitive information...
CVE-2020-7944, VIGILANCE-VUL-32610
Our database contains other pages. You can request a free trial to read them.

Display information about Puppet: