Lucene search
K

465 matches found

PyPA
PyPA
added 2019/07/30 11:15 p.m.9 views

PYSEC-2019-2

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...

5.5CVSS6.2AI score0.01759EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2019/07/30 11:15 p.m.24 views

CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...

5.5CVSS6.7AI score0.01759EPSS
Exploits0References5
OSV
OSV
added 2019/07/30 11:15 p.m.28 views

PYSEC-2019-2

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...

5.5CVSS3.3AI score0.01759EPSS
Exploits0References7
Cvelist
Cvelist
added 2019/07/30 10:12 p.m.23 views

CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...

4.6CVSS6.1AI score0.01759EPSS
Exploits0References7
CVE
CVE
added 2019/07/30 10:12 p.m.214 views

CVE-2019-10156

CVE-2019-10156 affects Ansible: templating flaw in versions before 2.6.18, 2.7.12 and 2.8.2 enables information disclosure through unintended variable substitution (contents of any variable may be disclosed). Several connected advisories confirm fixes/upgrades: e.g., Debian stable (buster) update...

5.5CVSS5.7AI score0.01759EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2019/07/30 10:12 p.m.56 views

CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...

5.5CVSS6.2AI score0.01759EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/07/30 10:12 p.m.95 views

CVE-2019-10156

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be...

5.5CVSS6.3AI score0.01759EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/07/09 9:46 a.m.11 views

ansible: unsafe template evaluation of returned module data can lead to information disclosure

A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...

5.5CVSS7.1AI score0.01759EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/07/09 9:45 a.m.5 views

ansible: unsafe template evaluation of returned module data can lead to information disclosure

A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...

5.5CVSS7.1AI score0.01759EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/07/09 8:50 a.m.6 views

ansible: unsafe template evaluation of returned module data can lead to information disclosure

A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed...

5.5CVSS7.1AI score0.01759EPSS
Exploits0References4
OSV
OSV
added 2019/07/03 7:15 p.m.6 views

CVE-2018-14862

Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...

6.5CVSS5.9AI score0.00805EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/07/03 6:56 p.m.27 views

CVE-2018-14862

Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...

6.3AI score0.00805EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/06/06 12:0 a.m.6 views

PT-2019-6151

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.6.18 Ansible versions prior to 2.7.12 Ansible versions prior to 2.8.2 Description A flaw was discovered in the way Ansible templating was implemented, causing the possibility of information disclosure through...

5.5CVSS7.2AI score0.01759EPSS
Exploits0References194
OpenVAS
OpenVAS
added 2019/05/07 12:0 a.m.76 views

Fedora Update for cobbler FEDORA-2018-22c609e92a

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.6786EPSS
Exploits0References2
Fedora
Fedora
added 2019/04/27 11:11 p.m.36 views

[SECURITY] Fedora 29 Update: python-jinja2-2.10.1-1.fc29

Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...

8.6CVSS0.9AI score0.03603EPSS
Exploits1
FreeBSD
FreeBSD
added 2019/04/17 12:0 a.m.40 views

drupal -- Drupal core - Moderately critical

Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue...

9.8CVSS1.2AI score0.0595EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2019/04/15 12:27 p.m.3 views

SImiik <=v1.6.2.1 xss + rce

1.XSS Examples: python3 -m simiki.cli new -t "Hello S...

7.2AI score
Exploits0
Fedora
Fedora
added 2019/03/29 7:29 p.m.20 views

[SECURITY] Fedora 30 Update: nodejs-handlebars-4.0.13-1.fc30

Handlebars.js is an extension to the Mustache templating language created by Chris Wanstrath. Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they s hould be...

1.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/03/27 12:0 a.m.8 views

The vulnerability of the `from_string` function in the Jinja2 templater, which allows an attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the fromstring function in the Jinja2 templater for the Python programming language is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected information...

8.5CVSS7.5AI score0.4478EPSS
Exploits5References5Affected Software1
CNVD
CNVD
added 2019/03/25 12:0 a.m.7 views

Sensio Labs Twig Information Disclosure Vulnerability

Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A security vulnerability exists in the sandbox in Sensio Labs Twig versions prior to 1.38.0 and 2.x versions prior to 2.7.0. The vulnerability can be exploited by an...

4.3CVSS6.5AI score0.01405EPSS
Exploits0References1
Rows per page
Query Builder