Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 4 | 6 | 0 | 57.6% | HIGH |

Related CVEs

6
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2025-8868 | In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. | HIGH | 8.8 | | 97.4% | Sep 29, 2025 |
| CVE-2025-6724 | In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command. | HIGH | 8.8 | | 26.1% | Sep 29, 2025 |
| CVE-2023-42658 | Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. | HIGH | 7.8 | | 20.0% | Oct 31, 2023 |
| CVE-2023-40050 | Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. | HIGH | 8.8 | | 63.9% | Oct 31, 2023 |
| CVE-2015-8559 | The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. | HIGH | 7.5 | | 77.5% | Sep 21, 2017 |
| CVE-2016-4326 | The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. | NONE | | | 89.7% | Jun 10, 2016 |