| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-9902 | Ansible-core: ansible-core user may read/write unauthorized content | - | - | Medium | 6.3 | 2024-11-06 09:56:55 | Deep Dive |
| CVE-2024-10033 | Aap-gateway: xss on aap-gateway | - | - | Medium | 6.1 | 2024-10-16 16:59:44 | Deep Dive |
| CVE-2024-9979 | Pyo3: risk of use-after-free in `borrowed` reads from python weak references | - | - | Medium | 5.3 | 2024-10-15 14:01:54 | Deep Dive |
| CVE-2024-9620 | Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption | - | - | Medium | 5.3 | 2024-10-08 16:25:40 | Deep Dive |
| CVE-2024-9355 | Golang-fips: golang fips zeroed buffer | - | - | Medium | 6.5 | 2024-10-01 18:17:29 | Deep Dive |
| CVE-2024-8775 | Ansible-core: exposure of sensitive information in ansible vault files due to improper logging | - | - | Medium | 5.5 | 2024-09-14 02:15:15 | Deep Dive |
| CVE-2024-6840 | Automation-controller: gain access to the k8s api server via job execution with container group | - | - | Medium | 6.6 | 2024-09-12 16:35:09 | Deep Dive |
| CVE-2024-7143 | Pulpcore: rbac permissions incorrectly assigned in tasks that create objects | - | - | Medium | - | 2024-08-07 16:49:30 | Deep Dive |
| CVE-2024-3727 | Containers/image: digest type does not guarantee valid type | - | - | High | 8.3 | 2024-05-09 14:57:21 | Deep Dive |
| CVE-2024-1657 | Platform: insecure websocket used when interacting with eda server | - | - | High | 8.1 | 2024-04-25 16:28:38 | Deep Dive |
| CVE-2024-1394 | Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | High | 7.5 | 2024-03-21 12:16:39 | Deep Dive |
| CVE-2023-6681 | Jwcrypto: denial of service via specifically crafted jwe | Red Hat | Red Hat Enterprise Linux 8 | Medium | 5.3 | 2024-02-12 14:04:45 | Deep Dive |
| CVE-2024-0690 | Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration | - | - | Medium | 5.0 | 2024-02-06 12:00:29 | Deep Dive |
| CVE-2023-50782 | Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659 | - | - | High | 7.5 | 2024-02-05 20:45:50 | Deep Dive |
| CVE-2023-5115 | Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files | Red Hat | Red Hat Ansible Automation Platform 2.3 for RHEL 8 | Medium | 6.3 | 2023-12-18 13:43:08 | Deep Dive |
| CVE-2023-5764 | Ansible: template injection | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | High | 7.1 | 2023-12-12 22:01:33 | Deep Dive |
| CVE-2023-5189 | Hub: insecure galaxy-importer tarfile extraction | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | Medium | 6.3 | 2023-11-14 22:57:01 | Deep Dive |
| CVE-2022-3248 | Openshift api admission checks does not enforce "custom-host" permissions | - | kubernetes | Medium | 4.4 | 2023-10-05 13:28:28 | Deep Dive |
| CVE-2023-3971 | Controller: html injection in custom login info | Red Hat | Red Hat Ansible Automation Platform 2.3 for RHEL 8 | High | 7.3 | 2023-10-04 14:26:02 | Deep Dive |
| CVE-2023-4380 | Platform: token exposed at importing project | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 | Medium | 6.3 | 2023-10-04 14:24:35 | Deep Dive |