Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2014-3498
The user module in ansible prior to 1.6.6 allows remote authenticated users to execute arbitrary commands.
Redhat Ansible
1 Github repository
668
VMScore
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible prior to 1.6.7 allow remote malicious users to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a...
Redhat Ansible
1 Github repository
668
VMScore
CVE-2014-4966
Ansible prior to 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote malicious users to execute arbitrary code via (1) crafted lookup('pipe') ca...
Redhat Ansible
1 Github repository
169
VMScore
CVE-2013-4259
runner/connection_plugins/ssh.py in Ansible prior to 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
Redhat Ansible
641
VMScore
CVE-2015-6240
The chroot, jail, and zone connection plugins in ansible prior to 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Redhat Ansible
1 Github repository
187
VMScore
CVE-2014-4658
The vault subsystem in Ansible prior to 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
Redhat Ansible
187
VMScore
CVE-2014-4659
Ansible prior to 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
Redhat Ansible
516
VMScore
CVE-2013-2233
Ansible prior to 1.2.1 makes it easier for remote malicious users to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Redhat Ansible
668
VMScore
CVE-2014-4657
The safe_eval function in Ansible prior to 1.5.4 does not properly restrict the code subset, which allows remote malicious users to execute arbitrary code via crafted instructions.
Redhat Ansible
187
VMScore
CVE-2021-3447
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_lo...
Redhat Ansible Tower
Redhat Ansible
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »