exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2020-1753

Status Candidate

Overview

A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.

Related Files

Red Hat Security Advisory 2021-1852-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1852-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include buffer overflow, denial of service, null pointer, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14373, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538
SHA-256 | 6e7d95947f3800ad0d42cbec0828c4c5d322252d380507bdf4d2b0cecabc2aa4
Apache Struts 2 Forced Multi OGNL Evaluation
Posted Dec 24, 2020
Authored by Matthias Kaiser, Spencer McIntyre, Alvaro Munoz, ka1n4t | Site metasploit.com

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependant. A server side template must make an affected use of request data to render an HTML tag attribute.

tags | exploit, remote, code execution
advisories | CVE-2019-0230, CVE-2020-17530
SHA-256 | 3cfe28296a3b91c815100d9996280537326adc728304ac8036ea7dcb8ca37586
Gentoo Linux Security Advisory 202008-20
Posted Aug 31, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202008-20 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the arbitrary execution of code. Versions less than 9.52 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-15900, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538
SHA-256 | ae7145ed74d18bfb3784312e9db7332b2b5c4185d5cce351690b27a3c9c707e7
Ubuntu Security Notice USN-4469-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4469-1 - It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16287, CVE-2020-16291, CVE-2020-16295, CVE-2020-16299, CVE-2020-16303, CVE-2020-16307, CVE-2020-17538
SHA-256 | a37b8eb29fe3a005bbe5986d84c0a853a8610160315fbe82b2ce46f9d61df2ce
Gentoo Linux Security Advisory 202006-11
Posted Jun 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202006-11 - Multiple vulnerabilities have been found in Ansible, the worst of which could result in the arbitrary execution of code. Versions less than 2.9.7 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-10684, CVE-2020-10685, CVE-2020-1733, CVE-2020-1735, CVE-2020-1736, CVE-2020-1737, CVE-2020-1738, CVE-2020-1740, CVE-2020-1753
SHA-256 | 07bf091f4874a3a39e3e16f85a6bae74fe9910afa08923b0f0c10cdb896fd1cf
Red Hat Security Advisory 2020-2142-01
Posted May 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2142-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2020-1753
SHA-256 | e1abfdcad1c18322dd63581be947d604c8a658e1bb68c20f2cc4bc3df1d5379e
Red Hat Security Advisory 2020-1541-01
Posted Apr 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1541-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include information leakage, password leak, and traversal vulnerabilities.

tags | advisory, remote, vulnerability
systems | linux, redhat
advisories | CVE-2020-10684, CVE-2020-10685, CVE-2020-10691, CVE-2020-1733, CVE-2020-1735, CVE-2020-1737, CVE-2020-1739, CVE-2020-1740, CVE-2020-1746, CVE-2020-1753
SHA-256 | bafa80d198121580fa5362fb4f482bc1ea9851b9c4a5ce83e562156958360640
Red Hat Security Advisory 2020-1542-01
Posted Apr 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1542-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include information leakage, password leak, and traversal vulnerabilities.

tags | advisory, remote, vulnerability
systems | linux, redhat
advisories | CVE-2020-10684, CVE-2020-10685, CVE-2020-10691, CVE-2020-1733, CVE-2020-1735, CVE-2020-1737, CVE-2020-1739, CVE-2020-1740, CVE-2020-1746, CVE-2020-1753
SHA-256 | 081f0637174bb0bb026e380e73e882eaf6655807ad9be9a713654872ac5e68dc
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close