rpm package
suse/dracut-saltboot&distro=SUSE Manager Client Tools 15-BETA
pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015-BETA
Vulnerabilities (52)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3711 | — | | | < 0.1.1681904360.84ef141-159000.3.30.1 | 0.1.1681904360.84ef141-159000.3.30.1 | Aug 24, 2021 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with |
| CVE-2021-36222 | — | | | < 0.1.1681904360.84ef141-159000.3.30.1 | 0.1.1681904360.84ef141-159000.3.30.1 | Jul 22, 2021 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a |
| CVE-2021-20191 | — | | | < 0.1.1681904360.84ef141-159000.3.30.1 | 0.1.1681904360.84ef141-159000.3.30.1 | May 26, 2021 | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne |
| CVE-2021-20178 | — | | | < 0.1.1681904360.84ef141-159000.3.30.1 | 0.1.1681904360.84ef141-159000.3.30.1 | May 26, 2021 | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f |
| CVE-2021-20228 | — | | | < 0.1.1681904360.84ef141-159000.3.30.1 | 0.1.1681904360.84ef141-159000.3.30.1 | Apr 29, 2021 | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from |
| CVE-2021-3447 | — | | | < 0.1.1681904360.84ef141-159000.3.30.1 | 0.1.1681904360.84ef141-159000.3.30.1 | Apr 1, 2021 | A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_lo |
| CVE-2020-7753 | — | | | < 0.1.1681904360.84ef141-159000.3.30.1 | 0.1.1681904360.84ef141-159000.3.30.1 | Oct 27, 2020 | All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). |
| CVE-2020-14365 | — | | | < 0.1.1710765237.46af599-159000.3.33.2 | 0.1.1710765237.46af599-159000.3.33.2 | Sep 23, 2020 | A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default be |
| CVE-2016-8647 | — | | | < 0.1.1710765237.46af599-159000.3.33.2 | 0.1.1710765237.46af599-159000.3.33.2 | Jul 26, 2018 | An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. |
| CVE-2018-10874 | — | | | < 0.1.1710765237.46af599-159000.3.33.2 | 0.1.1710765237.46af599-159000.3.33.2 | Jul 2, 2018 | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. |
| CVE-2016-9587 | — | | | < 0.1.1710765237.46af599-159000.3.33.2 | 0.1.1710765237.46af599-159000.3.33.2 | Apr 24, 2018 | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi |
| CVE-2017-7550 | Cri | 9.8 | | < 0.1.1710765237.46af599-159000.3.33.2 | 0.1.1710765237.46af599-159000.3.33.2 | Nov 21, 2017 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t |