HSEC-2023-0011 git-annex GPG decryption attack via compromised remote

git-annex GPG decryption attack via compromised remote A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's GPG key. This attack could be used to expose encrypted data that was never stored in git-annex. Daniel Dent discovered this...

CVE-2025-39663

CVE-2025-39663: XSS in Checkmk’s distributed monitoring allows a compromised remote site to inject malicious HTML into service outputs at the central site. Affected versions: Checkmk older than 2.4.0p14, 2.3.0p39, 2.2.0, and 2.1.0 (eol). Root cause: cross-site scripting via trusted/compromised re...

Ansible: Compromised remote hosts can lead to running commands on the Ansible controller

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server...

Command Execution Through Compromised Remote Hosts

ansible is vulnerable to command execution through a comprised remote system. A compromised remote system managed through ansible can lead to commands being executed on the ansible controller when the user is running the ansible or ansible-playbook command...

ansible -- multiple vulnerabilities

Ansible, Inc. reports: Arbitrary execution from data from compromised remote hosts or local data when using a legacy Ansible syntax - resolved in Ansible 1.7 ansible-galaxy command when used on local tarballs and not galaxy.ansible.com can install a malformed tarball if so provided - resolved in...