CVE-2016-5714

HIGH Year: 2016
CVSS v3 Score
7.2
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."

Related Vulnerabilities

CVE-2015-3653

HIGH
CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequent...

CWE-2842015

CVE-2015-3654

HIGH
CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than C...

CWE-2842015

CVE-2015-3657

HIGH
CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.

CWE-2842015

CVE-2015-4649

HIGH
CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than C...

CWE-2842015

CVE-2016-10084

HIGH
CVSS:7.2(High)

admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).

CWE-2842016

CVE-2016-10085

HIGH
CVSS:7.2(High)

admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.

CWE-2842016