465 matches found
PYSEC-2019-2
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...
CVE-2019-10156
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...
PYSEC-2019-2
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...
CVE-2019-10156
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...
CVE-2019-10156
CVE-2019-10156 affects Ansible: templating flaw in versions before 2.6.18, 2.7.12 and 2.8.2 enables information disclosure through unintended variable substitution (contents of any variable may be disclosed). Several connected advisories confirm fixes/upgrades: e.g., Debian stable (buster) update...
CVE-2019-10156
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...
CVE-2019-10156
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...
ansible: unsafe template evaluation of returned module data can lead to information disclosure
A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...
ansible: unsafe template evaluation of returned module data can lead to information disclosure
A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...
ansible: unsafe template evaluation of returned module data can lead to information disclosure
A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...
CVE-2018-14862
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...
CVE-2018-14862
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...
PT-2019-6151
Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.6.18 Ansible versions prior to 2.7.12 Ansible versions prior to 2.8.2 Description A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through...
Fedora Update for cobbler FEDORA-2018-22c609e92a
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 29 Update: python-jinja2-2.10.1-1.fc29
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
drupal -- Drupal core - Moderately critical
Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue...
SImiik <=v1.6.2.1 xss + rce
1.XSS Examples: python3 -m simiki.cli new -t "Hello S...
[SECURITY] Fedora 30 Update: nodejs-handlebars-4.0.13-1.fc30
Handlebars.js is an extension to the Mustache templating language created by Chris Wanstrath. Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they s hould be...
The vulnerability of the `from_string` function in the Jinja2 templater, which allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the fromstring function in the Jinja2 templater for the Python programming language is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected information...
Sensio Labs Twig Information Disclosure Vulnerability
Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A security vulnerability exists in the sandbox in Sensio Labs Twig versions prior to 1.38.0 and 2.x versions prior to 2.7.0. The vulnerability can be exploited by an...