FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-04 12:35:58 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
607d2108-a0e4-423a-bf78-846f2a8f01b0	puppet -- Multiple Vulnerabilities Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information. Discovery 2012-03-26 Entry 2012-04-10 puppet > 2.7.* lt 2.7.12_1 CVE-2012-1906 CVE-2012-1986 CVE-2012-1987 CVE-2012-1988 CVE-2012-1989 http://puppetlabs.com/security/cve/cve-2012-1906/ http://puppetlabs.com/security/cve/cve-2012-1986/ http://puppetlabs.com/security/cve/cve-2012-1987/ http://puppetlabs.com/security/cve/cve-2012-1988/ http://puppetlabs.com/security/cve/cve-2012-1989/
b162b218-c547-4ba2-ae31-6fdcb61bc763	puppet -- Unauthenticated Remote Code Execution Vulnerability Puppet Developers report: When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload. Discovery 2013-06-13 Entry 2013-06-22 Modified 2013-08-01 puppet >= 2.7 lt 2.7.22 >= 3.0 lt 3.2.2 CVE-2013-3567

VuXML ID

Description

607d2108-a0e4-423a-bf78-846f2a8f01b0

puppet -- Multiple Vulnerabilities

Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information.

Discovery 2012-03-26
Entry 2012-04-10
puppet

> 2.7.* lt 2.7.12_1

CVE-2012-1906
CVE-2012-1986
CVE-2012-1987
CVE-2012-1988
CVE-2012-1989
http://puppetlabs.com/security/cve/cve-2012-1906/
http://puppetlabs.com/security/cve/cve-2012-1986/
http://puppetlabs.com/security/cve/cve-2012-1987/
http://puppetlabs.com/security/cve/cve-2012-1988/
http://puppetlabs.com/security/cve/cve-2012-1989/

b162b218-c547-4ba2-ae31-6fdcb61bc763

puppet -- Unauthenticated Remote Code Execution Vulnerability

Puppet Developers report:

When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload.

Discovery 2013-06-13
Entry 2013-06-22
Modified 2013-08-01
puppet

>= 2.7 lt 2.7.22

>= 3.0 lt 3.2.2

CVE-2013-3567