2190 matches found
SUSE-SU-2026:2680-1 Security update for ansible-core
This update for ansible-core fixes the following issues: - CVE-2026-11332: Argument injection in ansible-galaxy role install leads to arbitrary code execution bsc1267822...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2026-1849)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1849 advisory. A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument...
SUSE-SU-2026:22171-1 Security update for ansible-core
This update for ansible-core fixes the following issue - CVE-2026-11332: argument injection in ansible-galaxy role install leads to arbitrary code execution bsc1267822...
OPENSUSE-SU-2026:21097-1 Security update for ansible-core
This update for ansible-core fixes the following issue - CVE-2026-11332: argument injection in ansible-galaxy role install leads to arbitrary code execution bsc1267822...
GHSA-6HW7-J4JW-WPFF Galaxy NG: command injection vulnerability
A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...
CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names
A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...
PT-2026-49716
Name of the Vulnerable Software and Affected Versions galaxy ng affected versions not specified Description A command injection issue exists in the legacy role import API v1 where the do git checkout function interpolates unsanitized git ref names, such as branch or tag names, into shell commands...
CVE-2026-54362
An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...
EUVD-2026-36580
An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...
CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations
An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...
CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations
An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...
PT-2026-48994
An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...
Exploit for Out-of-bounds Write in Mediatek Lr12A
CVE-2024-20154: NB-IoT SIB1-NB Stack Overflow in MediaTek MT67...
Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
...
CVE-2026-21029
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...
SUSE CVE-2026-11332
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...
CVE-2026-21013
Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information...
CVE-2026-21029
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...
CVE-2026-21029
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...
EUVD-2026-34801
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...