- Home
- CVEs with nessus.description==According to its self-reported version number, the Puppet Enterprise
3.x install on the remote host is prior to 3.1.1. As a result, it is
reportedly affected by multiple vulnerabilities :
- An input validation error exists related to the
included Ruby version, handling string to floating point
conversions that could allow denial of service attacks
or arbitrary code execution. (CVE-2013-4164)
- An error exists related to the included RubyGems
version and 'gem build', 'Gem::Package', and
'Gem::PackageTask' API calls that could allow denial
of service attacks. (CVE-2013-4363)
- An error exists in the 'i18n' gem for Ruby that could
allow cross-site scripting attacks. (CVE-2013-4491)
- An error exists related to handling temporary files
that could allow a local attacker to overwrite files by
using a symlink attack. (CVE-2013-4969)
- An error exists related to the included Ruby on Rails,
'Action View', and handling certain headers that could
allow denial of service attacks. (CVE-2013-6414)
- An input validation error exists related to the
included Ruby on Rails and the 'unit' parameter in the
'number_to_currency' helper that could allow cross-site
scripting attacks. (CVE-2013-6415)
- An input validation error exists related to the
included Ruby on Rails, JSON parameter parsing and SQL
queries that could allow SQL injection attacks.
(CVE-2013-6417)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top