GCVE - cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*

part: a version: 2015.3.3 update: *

Vendor	Puppet (`056a1ba3-12b3-5ecf-a97f-ab3b403c7816`)
Product	Puppet Enterprise (`f0f1d1ad-3d9e-59c3-8dee-09d0423ff49c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/puppetlabs/puppet`	purl2cpe	2026-06-01 10:14:37.329937

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-5716`	vulnerable	2026-06-03 14:35:55.697543	Details available The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. Published: 2017-08-09T14:00:00.000Z Updated: 2024-09-16T23:46:30.239Z Open on db.gcve.eu Reference links https://puppet.com/security/cve/pe-console-oct-2016	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5714`	vulnerable	2026-06-03 14:35:55.689882	Details available Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." Published: 2017-10-18T18:00:00.000Z Updated: 2024-08-06T01:07:59.946Z Open on db.gcve.eu Reference links https://puppet.com/security/cve/pxp-agent-oct-2016 https://security.gentoo.org/glsa/201710-12 https://bugs.gentoo.org/597684 https://puppet.com/security/cve/cve-2016-5714	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.