ROS-20250814-10

A vulnerability in the mod-copy module of the ProFTPD FTP server is related to a null pointer dereference error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2019-14905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy...

kernel: firmware_loader: Fix use-after-free during unregister

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...

SUSE CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

Ansible: modules which use files encrypted with vault are not properly cleaned up

A flaw was found on Ansible Engine when using modules which decrypts vault files such as assemble, script, unarchive, wincopy, awss3 or copy modules. The temporary directory is created in /tmp leaves the secrets unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root...

ALPINE-CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

PYSEC-2020-206

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

UBUNTU-CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

Ansible: malicious code could craft filename in nxos_file_copy module

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...

Ansible: malicious code could craft filename in nxos_file_copy module

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...

Ansible nxos_file_copy module input validation error vulnerability

Ansible is a computer system configuration manager from the American company Ansible. The product can be used to distribute, manage, and program computer systems. nxosfilecopy is one of the modules that supports copying files to remote NXOS devices. An input validation error vulnerability exists ...

PT-2019-2795

Name of the Vulnerable Software and Affected Versions ProFTPD versions up to 1.3.5b Description The issue is related to an arbitrary file copy vulnerability in the mod copy module of ProFTPD, allowing for remote code execution and information disclosure without authentication. This can be exploit...

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

PT-2015-1244

Name of the Vulnerable Software and Affected Versions ProFTPD version 1.3.5 Description The issue allows remote attackers to read and write to arbitrary files. This is achieved via the site cpfr and site cpto commands, which are part of the mod copy module in the ProFTPD FTP server. Recommendatio...