Search CVE reports
1 – 10 of 94 results
CVE-2024-8775
Medium priorityA flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted...
2 affected packages
ansible, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2023-44428
Medium priorityMuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required...
3 affected packages
musescore, musescore2, musescore3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| musescore | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| musescore2 | Needs evaluation | Needs evaluation | Not in release | — | — |
| musescore3 | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-0690
Medium priorityAn information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending...
2 affected packages
ansible, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2024-0684
Medium priorityA flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and...
1 affected packages
coreutils
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| coreutils | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-5115
Medium priorityAn absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of...
2 affected packages
ansible, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-5764
Medium prioritySome fixes available 4 of 8
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to...
2 affected packages
ansible, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ansible | Not affected | Fixed | Fixed | Fixed | Fixed |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-5189
Medium priorityA path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the...
2 affected packages
ansible, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-4380
Medium priorityA logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting...
2 affected packages
ansible, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-4237
Medium priorityA flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files,...
2 affected packages
ansible, ansible-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ansible | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ansible-core | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2023-35394
Medium priorityAzure HDInsight Jupyter Notebook Spoofing Vulnerability
3 affected packages
jupyter-core, jupyter-notebook, notebook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jupyter-core | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| jupyter-notebook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| notebook | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |