Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ansible vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28609
api/auth.go in Ansible Semaphore prior to 2.8.89 mishandles authentication.
Ansible-semaphore Ansible Semaphore
NA
CVE-2022-41724
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly...
Golang Go
Golang Go 1.20.0
NA
CVE-2022-41725
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package wi...
Golang Go
Golang Go 1.20.0
NA
CVE-2023-24580
An issue exists in the Multipart Request Parser in Django 3.2 prior to 3.2.18, 4.0 prior to 4.0.10, and 4.1 prior to 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a pote...
Djangoproject Django
Debian Debian Linux 10.0
NA
CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable object...
Cryptography Project Cryptography
NA
CVE-2014-125036
A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done withi...
Ansible-ntp Project Ansible-ntp
NA
CVE-2022-41717
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the s...
Golang Go
Golang Http2
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
NA
CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an malicious user to take advantage of this issue as the module is handling the parameter insecurely, leading to the password...
Redhat Ansible Collection
Redhat Ansible
NA
CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Pulpproject Pulp Ansible -
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
Redhat Update Infrastructure 3.0
NA
CVE-2022-3205
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
Redhat Ansible Automation Platform 1.2
Redhat Ansible Automation Platform 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »