- Home
- CVEs with nessus.description==According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities :
- An input validation error exists related to the included Ruby version, handling string to floating point conversions that could allow denial of service attacks or arbitrary code execution. (CVE-2013-4164)
- An error exists related to the included RubyGems version and 'gem build', 'Gem::Package', and 'Gem::PackageTask' API calls that could allow denial of service attacks. (CVE-2013-4363)
- An error exists in the 'i18n' gem for Ruby that could allow cross-site scripting attacks. (CVE-2013-4491)
- An error exists related to handling temporary files that could allow a local attacker to overwrite files by using a symlink attack. (CVE-2013-4969)
- An error exists related to the included Ruby on Rails, 'Action View', and handling certain headers that could allow denial of service attacks. (CVE-2013-6414)
- An input validation error exists related to the included Ruby on Rails and the 'unit' parameter in the 'number_to_currency' helper that could allow cross-site scripting attacks. (CVE-2013-6415)
- An input validation error exists related to the included Ruby on Rails, JSON parameter parsing and SQL queries that could allow SQL injection attacks.
(CVE-2013-6417)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top