Ansible: path traversal in the fetch module

A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...

Ansible: path traversal in the fetch module

A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...

Ansible fetch module path traversal vulnerability

Ansible is a computer system configuration manager that can be used to publish, manage, and orchestrate computer systems. A path traversal vulnerability exists in the Ansible fetch module. An attacker can exploit this vulnerability to copy and overwrite files...

PHP Code Injection

smarty-php/smarty is vulnerable to PHP code injection attacks. The vulnerability exists as the template names are unsanitized when called from fetch or display, allowing PHP code injection attacks...

Directory Traversal

ansible is vulnerable to directory traversal. A lack of validation in the fetch module allows copying and overwriting of files outside of the specified destination in the local ansible controller host using the ../ characters...

CVE-2017-3145 Improper fetch cleanup sequencing in the resolver can cause named to crash

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1...

Arbitrary Code Execution

thunderbird is vulnerable to arbitrary code execution attacks. The vulnerability exists as a use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash...

PT-2019-5658 · Helm +1 · Helm +1

Name of the Vulnerable Software and Affected Versions: Helm versions 2.0.0 through 2.12.1 Description: The issue is related to a path traversal vulnerability in Helm, where chart archive files can be unpacked outside of the target directory when using the commands helm fetch --untar and helm lint...

CVE-2018-6091

Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2018-6091

Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2018-6091

Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

UBUNTU-CVE-2018-6091

Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Design/Logic Flaw

Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2018-6091

Removed by vendor...

CVE-2018-6091

Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2018-6091

CVE-2018-6091 corresponds to a Chrome/Chromium vulnerability where Service Workers incorrectly handle plugins. The connected documentation links this CVE to the Chrome/Chromium 66.0.3359.117 line, with advisories noting affected releases and urging upgrades. Affected product: Google Chrome (Chrom...

kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...

zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file

An improper input validation was found in function zzipfetchdisktrailer of ZZIPlib, up to 0.13.68, that could lead to a crash in zzipparserootdirectory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file...

Security update for pam_pkcs11 (moderate)

This update for pampkcs11 fixes the following security issues: - It was possible to replay an authentication by using a specially prepared smartcard or token bsc1105012 - Prevent buffer overflow if a user has a home directory with a length of more than 512 bytes bsc1105012 - Memory not cleaned...

CVE-2018-11278

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault...