Lucene search
K

4103 matches found

RedHat Linux
RedHat Linux
added 6 days ago14 views

Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update

Red Hat Edge Manager Version 1.0.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...

10CVSS6.9AI score0.01735EPSS
Exploits7References28
OSV
OSV
added 2026/07/02 10:17 a.m.8 views

RHSA-2026:34160 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

Bulletin has no description...

8.1CVSS6AI score0.0068EPSS
Exploits5References60
RedHat Linux
RedHat Linux
added 2026/07/01 4:35 p.m.9 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

8.9CVSS6.7AI score0.00745EPSS
Exploits6References14
OSV
OSV
added 2026/06/29 1:27 p.m.2 views

SUSE-SU-2026:2680-1 Security update for ansible-core

This update for ansible-core fixes the following issues: - CVE-2026-11332: Argument injection in ansible-galaxy role install leads to arbitrary code execution bsc1267822...

7.8CVSS6.4AI score0.00156EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES16 Security Update : ansible-core (SUSE-SU-2026:22171-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:22171-1 advisory. This update for ansible-core fixes the following issue - CVE-2026-11332: argument injection in ansible-galaxy role install leads to arbitra...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 10:8 a.m.11 views

RHSA-2026:28377 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security Update

Bulletin has no description...

9.6CVSS5.8AI score0.0037EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 10:8 a.m.8 views

RHSA-2026:28376 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security Update

Bulletin has no description...

9.6CVSS5.7AI score0.0037EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security Update (Critical) (RHSA-2026:28377)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28377 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...

9.6CVSS6AI score0.0037EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.21 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security Update (Critical) (RHSA-2026:28376)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28376 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers ca...

9.6CVSS6AI score0.0037EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 9:16 p.m.8 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS0.0037EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-11819

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS0.00122EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 7:53 p.m.5 views

CVE-2026-11819 Community.general: community.general keyring_info — os keyring passphrase returned in plaintext

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:53 p.m.4 views

CVE-2026-11819

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.32 views

CVE-2026-11819 Community.general: community.general keyring_info — os keyring passphrase returned in plaintext

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 7:53 p.m.10 views

EUVD-2026-38604

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 7:53 p.m.15 views

CVE-2026-11819

The CVE-2026-11819 issue affects the Ansible community.general keyring_info module. The module reads a passphrase from the OS keyring and writes it directly to result["passphrase"] without output suppression. Root cause shows protected input variable (line with no_log=True) but unprotected output...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:40 p.m.5 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS5.9AI score0.0037EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/23 7:40 p.m.8 views

EUVD-2026-38598

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS5.9AI score0.0037EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 7:40 p.m.72 views

CVE-2026-11807

CVE-2026-11807 affects Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint fails to verify permissions when processing Worker messages, permitting any authenticated user to forge a message with an arbitrary activation_id and access plaintext credentials tied to tha...

9.6CVSS5.9AI score0.0037EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/23 7:40 p.m.6 views

CVE-2026-11807 Eda-server: websocket missing authorization allows credential theft via activation_id spoofing

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...

9.6CVSS5.9AI score0.0037EPSS
Exploits0References6
Rows per page
Query Builder