Puppet Enterprise 2015.3.0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:puppet:puppet_enterprise:2015.3.0:*:*:*:*:*:*:*

part: a version: 2015.3.0 update: *

VendorPuppet (056a1ba3-12b3-5ecf-a97f-ab3b403c7816)
ProductPuppet Enterprise (f0f1d1ad-3d9e-59c3-8dee-09d0423ff49c)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/puppetlabs/puppet purl2cpe 2026-06-01 10:14:37.329933

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2016-5716 vulnerable 2026-06-03 14:35:55.696509 Details available
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.
Published: 2017-08-09T14:00:00.000Z
Updated: 2024-09-16T23:46:30.239Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2786 vulnerable 2026-06-03 14:35:43.789541 Details available
The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.
Published: 2016-06-10T15:00:00.000Z
Updated: 2024-08-05T23:32:20.981Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-7330 vulnerable 2026-06-03 14:35:08.453290 Details available
Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.
Published: 2016-04-11T21:00:00.000Z
Updated: 2024-08-06T07:43:46.259Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.