Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.4 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2026-1849)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1849 advisory. A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument...

7.8CVSS6.5AI score0.00156EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.9 views

SUSE CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 8:21 a.m.9 views

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS5.7AI score0.00156EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/05 8:21 a.m.8 views

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS6.1AI score0.00156EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Ansible 参数注入漏洞

Ansible is an easy-to-use IT automation system developed under the open source license of Ansible. Ansible has a parameter injection vulnerability, which stems from improper use of the parameter separator in the ansible-galaxy role install command, allowing arbitrary code to execute...

7.8CVSS5.6AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.24 views

PT-2026-46910

Name of the Vulnerable Software and Affected Versions ansible-core affected versions not specified Red Hat Ansible Automation Platform affected versions not specified Description An argument injection flaw exists in the ansible-galaxy role install command. The issue occurs because dependency...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References25
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 5:25 a.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or...

8.4CVSS8AI score0.25151EPSS
Exploits14Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-26971

Malware in sbrugna...

5.5CVSS5.6AI score0.00237EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/27 1:22 p.m.3 views

Hub: insecure galaxy-importer tarfile extraction

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...

6.5CVSS5.8AI score0.00834EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/21 12:0 a.m.2 views

Red Hat Ansible Security Vulnerability

Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to publish, manage, and orchestrate computer systems. A security vulnerability exists in Red Hat Ansible that stems from a role archive that could cause ansible-galaxy to overwrit...

6.3CVSS7.6AI score0.00859EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.3 views

SUSE CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS9AI score0.00358EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.5 views

SUSE CVE-2021-3681

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the buildignore list in "galaxy.yml" include files in the .tar.gz file. This contains sensitive info, such as the user's Ansible Galaxy A...

5.5CVSS6.4AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/18 4:20 p.m.19 views

CVE-2021-3681

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the buildignore list in "galaxy.yml" include files in the .tar.gz file. This contains sensitive info, such as the user's Ansible Galaxy A...

5.6AI score0.00237EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2021/12/21 10:14 p.m.644 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j-CVE-2021-44228 detector scanner playbook !CIhttps:/...

10CVSS9.1AI score0.99999EPSS
Exploits348
CNNVD
CNNVD
added 2021/08/04 12:0 a.m.7 views

Ansible Galaxy Collections 安全漏洞

Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and organize computer systems. A security vulnerability exists in Ansible Galaxy Collections that can be exploited by an attacker to obtain sensitive system...

5.5CVSS6.6AI score0.00237EPSS
Exploits0References4
OSV
OSV
added 2020/04/30 5:15 p.m.3 views

DEBIAN-CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS6.6AI score0.00358EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/04/30 5:15 p.m.29 views

CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS6.8AI score0.00358EPSS
Exploits0References2
OSV
OSV
added 2020/04/30 5:15 p.m.32 views

PYSEC-2020-2

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

5.2CVSS3.5AI score0.00358EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/04/22 2:10 p.m.21 views

Ansible: archive traversal vulnerability in ansible-galaxy collection install

An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system...

5.2CVSS7.1AI score0.00358EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2014/08/06 12:0 a.m.11 views

ansible -- multiple vulnerabilities

Ansible, Inc. reports: Arbitrary execution from data from compromised remote hosts or local data when using a legacy Ansible syntax - resolved in Ansible 1.7 ansible-galaxy command when used on local tarballs and not galaxy.ansible.com can install a malformed tarball if so provided - resolved in...

2.5AI score
Exploits0References2
Rows per page
Query Builder