5963 matches found

Fedora
added 2021/03/01 5:6 p.m. · 64 views

[SECURITY] Fedora 32 Update: ansible-2.9.18-1.fc32

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 7.5 · AI score 3.3 · EPSS 0.00243
Exploits 0

Fedora
added 2021/03/01 5:2 p.m. · 53 views

[SECURITY] Fedora 33 Update: ansible-2.9.18-1.fc33

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 7.5 · AI score 3.3 · EPSS 0.00243
Exploits 0

RedHat Linux
added 2021/02/24 5:47 p.m. · 94 views

Moderate: Red Hat Security Advisory: Ansible security and bug fix update (2.9.18)

An update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...

CVSS 7.5 · AI score 7 · EPSS 0.00243
Exploits 0 · References 5

RedHat Linux
added 2021/02/17 7:6 p.m. · 2 views

ant: insecure temporary file

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

CVSS 7.5 · AI score 7.2 · EPSS 0.01104
Exploits 0 · References 5

RedHat Linux
added 2021/02/17 7:6 p.m. · 1 views

ant: insecure temporary file vulnerability

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS 6.3 · AI score 7.2 · EPSS 0.00037
Exploits 0 · References 4

OSV
added 2021/02/17 3:15 p.m. · 16 views

CVE-2021-26697

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...

CVSS 5.3 · AI score 5.3
Exploits 0 · References 4

PyPA
added 2021/02/17 3:15 p.m. · 4 views

PYSEC-2021-3

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...

CVSS 5.3 · AI score 7.1 · EPSS 0.02459
Exploits 0 · References 6 · Affected Software 1

OSV
added 2021/02/17 3:15 p.m. · 4 views

PYSEC-2021-3

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...

CVSS 5.3 · AI score 5.8 · EPSS 0.02459
Exploits 0 · References 6

Positive Technologies
added 2021/02/17 12:0 a.m. · 3 views

PT-2021-17095 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow version 2.0.0 Description: The issue concerns the lineage endpoint of the deprecated Experimental API in Apache Airflow, which was not protected by authentication. This allowed unauthenticated users to access the endpoint. The...

CVSS 6.9 · AI score 5 · EPSS 0.02459
Exploits 0 · References 21

BDU FSTEC
added 2021/02/11 12:0 a.m. · 1 views

The vulnerability of the Windows operating system’s task scheduler allows a malicious actor to execute arbitrary code with system privileges.

The vulnerability of the Task Scheduler service taskschd.msc in the Windows operating system is related to authentication checks being neglected when working with the Microsoft Management Console. There is no verification through the User Account Control mechanism. Exploiting this vulnerability...

CVSS 8.2 · AI score 6
Exploits 0 · References 4

Veracode
added 2021/02/05 9:25 p.m. · 17 views

Insecure Access Controls

HashiCorp Nomad and Nomad Enterprise use insecure access controls. Exec and Java task drivers are able to access processes associated with other tasks on the same node...

CVSS 7.5 · AI score 4.6 · EPSS 0.00318
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2021/02/05 12:0 a.m. · 2 views

The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.

The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect its web page structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code in the user’s browser by creating a...

CVSS 6.5 · AI score 5.9
Exploits 0 · Affected Software 1

CNVD
added 2021/02/04 12:0 a.m. · 5 views

JetBrains YouTrack Cross-Site Request Forgery Vulnerability (CNVD-2021-09316)

YouTrack is a keyboard-based issue and project tracking tool from the Czech company JetBrains, primarily used for tracking tasks and defect correction arrangements during development. A cross-site request forgery vulnerability exists in JetBrains YouTrack versions prior to 2020.4.4701. An attacke...

CVSS 8.8 · AI score 6.6 · EPSS 0.00002
Exploits 0 · References 1

OSV
added 2021/02/03 7:16 p.m. · 1 views

GHSA-F62V-XPXF-3V68 Code injection in Apache Ant

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

CVSS 7.5 · AI score 6.8 · EPSS 0.01104
Exploits 0 · References 22

NVD
added 2021/02/01 4:15 p.m. · 5 views

CVE-2021-3283

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...

CVSS 7.5 · AI score 7.4 · EPSS 0.00318
Exploits 0 · References 1

Prion
added 2021/02/01 4:15 p.m. · 18 views

Denial of service

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...

CVSS 5 · AI score 7.4 · EPSS 0.00318
Exploits 0 · References 1 · Affected Software 1

UbuntuCve
added 2021/02/01 4:15 p.m. · 20 views

CVE-2021-3283

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...

CVSS 7.5 · AI score 7 · EPSS 0.00318
Exploits 0 · References 2

CVE
added 2021/02/01 3:36 p.m. · 76 views

CVE-2021-3283

CVE-2021-3283 affects HashiCorp Nomad and Nomad Enterprise up to version 0.12.9, where the exec and Java task drivers could access processes belonging to other tasks on the same node due to insufficient isolation. The underlying impact is elevated exposure of running task processes on a shared no...

CVSS 7.5 · AI score 7.3 · EPSS 0.00318
Exploits 0 · References 1 · Affected Software 1

AlpineLinux
added 2021/02/01 3:36 p.m. · 29 views

CVE-2021-3283

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...

CVSS 7.5 · AI score 7.5 · EPSS 0.00318
Exploits 0

Debian CVE
added 2021/02/01 3:36 p.m. · 17 views

CVE-2021-3283

Removed by vendor...

CVSS 7.5 · AI score 7.5 · EPSS 0.00318
Exploits 0