Every CVE whose affected-product data names Puppet Puppet Agent, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2016-2785 — CVSS 9.8 (critical): Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers…
CVE-2021-27023 — CVSS 9.8 (critical): A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a…
CVE-2016-2786 — CVSS 9.8 (critical): The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server…
CVE-2016-5713 — CVSS 9.8 (critical): Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables…
CVE-2016-5714 — CVSS 7.2 (high): Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host…
CVE-2021-27025 — CVSS 6.5 (medium): A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service…
CVE-2020-7942 — CVSS 6.5 (medium): Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a…
CVE-2015-1855 — CVSS 5.9 (medium): verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does…