Skip to main content

Mcollective

2 CVEs product

Monthly

CVE-2017-2292 CRITICAL Act Now

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Mcollective
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2014-3251 MEDIUM This Month

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which. Rated medium severity (CVSS 4.4). No vendor patch available.

Race Condition Authentication Bypass Puppet Enterprise Mcollective
NVD
CVSS 2.0
4.4
EPSS
0.0%
EPSS 2% CVSS 9.0
CRITICAL Act Now

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Mcollective
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which. Rated medium severity (CVSS 4.4). No vendor patch available.

Race Condition Authentication Bypass Puppet Enterprise +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy