94 matches found
CVE-2024-11079
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...
DEBIAN-CVE-2024-11079
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...
CVE-2024-11079
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...
UBUNTU-CVE-2024-11079
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...
CVE-2024-11079
CVE-2024-11079 : In Ansible-Core, a bypass of unsafe-content protections via the hostvars object can lead to arbitrary code execution if templating data from remote sources or module outputs is unsafe. The description explicitly states the risk of executing templated content when hostvars is used...
CVE-2024-11079
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...
CVE-2024-11079
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within...
GHSA-3783-62VC-JR7X ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
ID: NFLX-2024-002 Impact Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
ID: NFLX-2024-002 Impact Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...
[SECURITY] Fedora 38 Update: python-templated-dictionary-1.4-1.fc38
Dictionary where getitem is run through Jinja2 template...
Fedora 38 : python-templated-dictionary (2024-4bd03c989b)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4bd03c989b advisory. Fixing CVE-2023-6395 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...
Fedora: Security Advisory (FEDORA-2024-f69989e7dd)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: python-templated-dictionary-1.4-1.fc39
Dictionary where getitem is run through Jinja2 template...
Fedora 39 : python-templated-dictionary (2024-f69989e7dd)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f69989e7dd advisory. Fixing CVE-2023-6395 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...
Privilege Escalation
templated-dictionary is vulnerable to Privilege Escalation. The vulnerability is caused due to absence of proper sandboxing mechanisms during the expansion and execution of Jinja2 templates. This allows an attacker to define configuration tags that potentially lead to privilege escalation or code...
AZL-43540 CVE-2023-6395 affecting package python-templated-dictionary 1.1-6
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...
Velociraptor 0.7.1 Release
Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities th...
GHSA-V594-2C97-HX38 Apache Superset vulnerable to improper data authorization
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
Apache Superset vulnerable to improper data authorization
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
CVE-2023-27523
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...