20 matches found

RedHat Linux
added 2025/12/10 6:4 p.m., 7 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.1, AI score 7.4, EPSS 0.00296
Exploits: 10, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-20450

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00216
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-11751

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00417
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-25092

Malicious code in bioql PyPI...

CVSS 5.3, AI score 4.8, EPSS 0.00159
Exploits: 0, References: 2

OSV
added 2024/04/06 11:15 a.m., 6 views

CVE-2024-3366

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to...

CVSS 9.8, AI score 7.1
Exploits: 0, References: 4

CNVD
added 2024/03/14 12:0 a.m., 18 views

SAP ABAP Platform Authorization Issues Vulnerability

SAP ABAP Platform is an ABAP-based SAP solution from SAP. SAP ABAP Platform has an authorization issue vulnerability that stems from a lack of authorization checks. An attacker with a business user account in SAP ABAP Platform could exploit the vulnerability to change the privacy settings of a jo...

CVSS 5.3, AI score 6.9, EPSS 0.00159
Exploits: 0, References: 1

NVD
added 2024/03/12 1:15 a.m., 9 views

CVE-2024-27900

Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner...

CVSS 5.3, AI score 4.5, EPSS 0.00159
Exploits: 0, References: 2

CNNVD
added 2024/03/12 12:0 a.m., 4 views

SAP ABAP Platform Security Vulnerability

SAP ABAP Platform is an ABAP-based SAP solution from SAP. SAP ABAP Platform has an authorization issue vulnerability that stems from a lack of authorization checks. An attacker with a business user account in SAP ABAP Platform could exploit the vulnerability to change the privacy settings of a jo...

CVSS 5.3, AI score 6.7, EPSS 0.00159
Exploits: 0, References: 5

Prion
added 2023/09/27 3:19 p.m., 18 views

Directory traversal

JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker ca...

CVSS 6.5, AI score 8.5, EPSS 0.38132
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2022/02/26 8:15 p.m., 1 view

CVE-2020-27958

The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 3

Prion
added 2022/02/26 8:15 p.m., 15 views

Design/Logic Flaw

The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template...

CVSS 4, AI score 4.5, EPSS 0.00216
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2022/02/26 7:1 p.m., 12 views

CVE-2020-27958

The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template...

AI score 4.4, EPSS 0.00216
Exploits: 0, References: 3

Veracode
added 2019/05/16 2:23 a.m., 19 views

Code Injection

ansible-tower is vulnerable to code injection. Users who have access to create variables for a job template could execute arbitrary code on the Tower server...

CVSS 8.8, AI score 9.6, EPSS 0.00417
Exploits: 0, References: 280, Affected Software: 10

RedHat Linux
added 2018/06/25 2:17 p.m., 1 view

ansible-tower: Remote code execution by users with access to define variables in job templates

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server...

CVSS 8.8, AI score 6.2, EPSS 0.00417
Exploits: 0, References: 4

RedHat Linux
added 2018/05/07 8:42 p.m., 2 views

ansible-tower: Remote code execution by users with access to define variables in job templates

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server...

CVSS 8.8, AI score 6.2, EPSS 0.00417
Exploits: 0, References: 4

NVD
added 2018/05/02 7:29 p.m., 16 views

CVE-2018-1104

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server...

CVSS 8.8, AI score 9.5, EPSS 0.00417
Exploits: 0, References: 5

OSV
added 2018/05/02 7:29 p.m., 2 views

CVE-2018-1104

Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server...

CVSS 8.8, AI score 6.1, EPSS 0.00417
Exploits: 0, References: 5

RedHat Linux
added 2018/02/21 12:25 p.m., 3 views

foreman: Persistent XSS in Foreman remote execution plugin

It was found that foreman is vulnerable to a stored XSS via a job template with a malformed name. This could allow an attacker with privileges to set the name in a template to display arbitrary HTML including scripting code within the web interface...

CVSS 6.1, AI score 5.9, EPSS 0.00734
Exploits: 0, References: 4

OSV
added 2017/08/18 4:29 p.m., 3 views

CVE-2017-9767

Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5)...

CVSS 5.4, AI score 5.8, EPSS 0.0028
Exploits: 5, References: 3

RedhatCVE
added 2016/08/10 9:48 a.m., 32 views

CVE-2016-6319

It was found that foreman is vulnerable to a stored XSS via a job template with a malformed name. This could allow an attacker with privileges to set the name in a template to display arbitrary HTML including scripting code within the web interface...

CVSS 6.1, AI score 6.3, EPSS 0.00734
Exploits: 0, References: 1