Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems puppet Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1tcG14LWdtNXYtcTc4Oc4AATVg
Puppet uses predictable filenames, allowing arbitrary file overwrite
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05cHZ4LWZ3d2gtdzI4Oc4AATVb
Puppet does not properly restrict access to node resources
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04YzU2LXYyNXctZjg5Y84AATVI
Puppet arbitrary file overwrite
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xaDNnLTI3amYtM2o1NM4AATVQ
Puppet allows local users to modify the permissions of arbitrary files
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12NTh3LTZ4YzItdzc5Oc4AATUx
Puppet Denial of Service and Arbitrary File Write
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02eHhxLWozOXctZzNmNs4AATUt
Puppet Arbitrary Command Execution
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jNG1jLTQ5aHEtcTI3Nc4AATUu
Puppet uses predictable filenames, allowing arbitrary file overwrite
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03N2hnLWc4Y2MtNXIzN84AATUv
Puppet Privilege Escallation
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12dzIyLTQ2NXAtOGo1d84AAR7S
Tarball permission preservation in puppet
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wcWo1LTdyODYtNjRmds3svQ
Puppet Improper Access Control
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12cmg3LTk5amgtM2Ztbc3StQ
Puppet arbitrary files overwrite via a symlink attack
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNGc3LWpyeHYtNjdyOc0XeQ
Silent Configuration Failure in Puppet Agent
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05M2o1LWc4NDUtOXdxcM0XhQ
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxdmYtODkyci12am01
Improper Certificate Validation in Puppet
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjYtdzltcC05NWht
Puppet supports use of IP addresses in certnames without warning of potential risks
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1cXEtZzY3My01cDQ5
Puppet allows local users to overwrite arbitrary files via a symlink attack
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeGotOXI1Zi13M20y
Puppet allows local users to obtain sensitive configuration information
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4OW0tM3dqdy1oODU3
Puppet vulnerable to Path Traversal
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cDUtdzJjci03Y3A3
Puppet Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3NHEtZnhmai13djZo
Puppet Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqNDMtOWgzdy12OTc2
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0NHItZjJobS12NzZ2
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkydjctcHE0aC01OGo1
facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
Ecosystems: rubygems
Packages: mcollective-client, puppet, hiera, facter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Statistics
Advisories: 19,336
Packages: 8,539
Repositories: 2
Ecosystems: 12
Filter by Package
actionpack 58 nokogiri 43 rubygems-update 25 puppet 23 rack 22 activerecord 21 activesupport 14 publify_core 14 passenger 13 actionview 12 rails 11 puma 11 fat_free_crm 10 jquery-rails 9 rails-html-sanitizer 9 org.webjars.npm:jquery 8 jquery 8 jQuery 7 org.jruby:jruby-stdlib 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 decidim 7 jquery-ui 7 doorkeeper 6 katello 6 ember-source 6 loofah 6 camaleon_cms 6 sidekiq 5 commonmarker 5 spree 5 bundler 5 spree_auth_devise 5 grpc 4 webrick 4 sanitize 4 avo 4 grpcio 4 sinatra 4 dragonfly 4 devise 4 fluentd 4 activestorage 4 carrierwave 4 mail 4 bootstrap 3 bootstrap 3 rails_admin 3 omniauth 3 cgi 3 resque 3 gollum 3 yard 3 geminabox 3 rest-client 3 private_address_check 3 chartkick 3 rubyzip 3 io.grpc:grpc-protobuf 3 rdoc 3 rack-cors 3 phlex 3 json-jwt 3 decidim-core 3 activeadmin 3 git 3 openssl 3 ruby-saml 3 faye 2 json 2 twitter-bootstrap-rails 2 logstash-core 2 redcarpet 2 facter 2 uri 2 httparty 2 VladTheEnterprising 2 omniauth-facebook 2 ox 2 mini_magick 2 echor 2 rexml 2 yajl-ruby 2 git-fastclone 2 spina 2 bson 2 net-ldap 2 kaminari 2 paperclip 2 user_agent_parser 2 pghero 2 devise-two-factor 2 secure_headers 2 pdfkit 2 solidus_frontend 2 cocoapods-downloader 2 field_test 2 radiant 2 decidim-templates 2 sprockets 2 qiita-markdown 2 mechanize 2 i18n 2 safemode 2 mapbox.js 2 mapbox-rails 2 pyarrow 2 red-arrow 2 sup 2 pageflow 2 google-protobuf 2 administrate 2 bootstrap-sass 2 com.google.protobuf:protobuf-kotlin 2 ruby-openid 2 kramdown 2 view_component 2 com.google.protobuf:protobuf-java 2 solidus_core 2 actiontext 2 github.com/github/hub 1 jmespath 1 paratrooper-newrelic 1 octopoller 1 date 1 trilogy 1 hub 1 sentry-raven 1 websocket-extensions 1 railties 1 foreman_ansible 1 gitlab-grit 1 geokit-rails 1 multi_xml 1 keynote 1 ruby_parser 1 padrino-contrib 1 bolt 1 omniauth-microsoft_graph 1 lynx 1 rubocop 1 ruby-mysql 1 kafo 1 hammer_cli_foreman 1 jruby-openssl 1 redcloth 1 em-http-request 1 command_wrap 1 gtk2 1 rotp 1 @turbo-boost/commands 1 activejob 1 personnummer 1 turbo_boost-commands 1 kcapifony 1 brbackup 1 discordrb 1 rmagick 1 diffy 1 recurly 1 solidus_backend 1 md2pdf 1 sounder 1 twitter-stream 1 resque-scheduler 1 xapian-core 1 mixlib-archive 1 rswag 1 pdf_info 1 inline_svg 1 foreman_fog_proxmox 1 message_bus 1 shrine 1 omniauth-auth0 1 papercrop 1 spree_api 1 omniauth-apple 1 asciidoctor 1 audited 1 govuk_tech_docs 1 oauth 1 clockwork_web 1 trestle-auth 1 point-cli 1 openshift-origin-node 1 decidim-system 1 lean-ruport 1 decidim-admin 1 flash_tool 1 tweetstream 1 ftpd 1 pysha3 1 sha3 1 better_errors 1 mongrel 1 cap-strap 1 unpoly-rails 1 ruby-jss 1 rack-mini-profiler 1