Lucene search
K

94 matches found

NVD
NVD
added 2024/11/12 12:15 a.m.23 views

CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

5.5CVSS0.00502EPSS
Exploits0References5
OSV
OSV
added 2024/11/12 12:15 a.m.2 views

DEBIAN-CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

5.5CVSS7.4AI score0.00502EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/11/12 12:15 a.m.3 views

CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

5.5CVSS7AI score0.00502EPSS
Exploits0References5
OSV
OSV
added 2024/11/12 12:15 a.m.8 views

UBUNTU-CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

5.5CVSS7.5AI score0.00502EPSS
Exploits0References4
CVE
CVE
added 2024/11/11 11:32 p.m.310 views

CVE-2024-11079

CVE-2024-11079 : In Ansible-Core, a bypass of unsafe-content protections via the hostvars object can lead to arbitrary code execution if templating data from remote sources or module outputs is unsafe. The description explicitly states the risk of executing templated content when hostvars is used...

5.5CVSS6.2AI score0.00502EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/11/11 11:32 p.m.6 views

CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

5.5CVSS7.4AI score0.00502EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/11/11 12:30 p.m.14 views

CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within...

5.5CVSS8.1AI score0.00502EPSS
Exploits0References3
OSV
OSV
added 2024/05/16 9:2 p.m.28 views

GHSA-3783-62VC-JR7X ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command

ID: NFLX-2024-002 Impact Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...

9.6CVSS6.1AI score0.00928EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/05/16 9:2 p.m.22 views

ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command

ID: NFLX-2024-002 Impact Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...

9.3CVSS6.2AI score0.00928EPSS
Exploits0References6Affected Software1
Fedora
Fedora
added 2024/02/01 1:25 a.m.29 views

[SECURITY] Fedora 38 Update: python-templated-dictionary-1.4-1.fc38

Dictionary where getitem is run through Jinja2 template...

9.8CVSS7.3AI score0.01552EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/02/01 12:0 a.m.15 views

Fedora 38 : python-templated-dictionary (2024-4bd03c989b)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4bd03c989b advisory. Fixing CVE-2023-6395 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

9.8CVSS7.6AI score0.01552EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2024/01/31 12:0 a.m.17 views

Fedora: Security Advisory (FEDORA-2024-f69989e7dd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.01552EPSS
Exploits1References3
Fedora
Fedora
added 2024/01/30 4:22 a.m.25 views

[SECURITY] Fedora 39 Update: python-templated-dictionary-1.4-1.fc39

Dictionary where getitem is run through Jinja2 template...

9.8CVSS7.3AI score0.01552EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/01/30 12:0 a.m.21 views

Fedora 39 : python-templated-dictionary (2024-f69989e7dd)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f69989e7dd advisory. Fixing CVE-2023-6395 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

9.8CVSS7.6AI score0.01552EPSS
Exploits1References2
Veracode
Veracode
added 2024/01/17 7:30 a.m.17 views

Privilege Escalation

templated-dictionary is vulnerable to Privilege Escalation. The vulnerability is caused due to absence of proper sandboxing mechanisms during the expansion and execution of Jinja2 templates. This allows an attacker to define configuration tags that potentially lead to privilege escalation or code...

9.8CVSS7.7AI score0.01552EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2024/01/16 3:15 p.m.7 views

AZL-43540 CVE-2023-6395 affecting package python-templated-dictionary 1.1-6

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

9.8CVSS6.2AI score0.01552EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2023/12/29 3:52 p.m.18 views

Velociraptor 0.7.1 Release

Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities th...

6.5AI score
Exploits0
OSV
OSV
added 2023/09/06 3:30 p.m.39 views

GHSA-V594-2C97-HX38 Apache Superset vulnerable to improper data authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS4.6AI score0.00726EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.23 views

Apache Superset vulnerable to improper data authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5.2AI score0.00726EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/09/06 1:15 p.m.30 views

CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5AI score0.00726EPSS
Exploits0References1
Rows per page
Query Builder