Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat ansible vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2014-4659
Ansible prior to 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.
Redhat Ansible
2.1
CVSSv2
CVE-2014-4658
The vault subsystem in Ansible prior to 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
Redhat Ansible
7.5
CVSSv2
CVE-2014-4678
The safe_eval function in Ansible prior to 1.6.4 does not properly restrict the code subset, which allows remote malicious users to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
Redhat Ansible
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2.1
CVSSv2
CVE-2014-4660
Ansible prior to 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "...
Redhat Ansible
7.5
CVSSv2
CVE-2014-4966
Ansible prior to 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote malicious users to execute arbitrary code via (1) crafted lookup('pipe') ca...
Redhat Ansible
1 Github repository
7.5
CVSSv2
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible prior to 1.6.7 allow remote malicious users to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a...
Redhat Ansible
1 Github repository
5
CVSSv2
CVE-2014-2686
Ansible before 1.5.4 mishandles the evaluation of some strings.
Redhat Ansible
6.9
CVSSv2
CVE-2019-14866
In all versions of cpio prior to 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths ...
Gnu Cpio
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
4
CVSSv2
CVE-2019-14864
Ansible, versions 2.9.x prior to 2.9.1, 2.8.x prior to 2.8.7 and Ansible versions 2.7.x prior to 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects...
Redhat Ansible
Redhat Ansible Tower 3.0
Redhat Ceph Storage 3.0
Redhat Cloudforms Management Engine 5.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Opensuse Backports Sle 15.0
Opensuse Leap 15.1
6.4
CVSSv2
CVE-2019-19340
A flaw was found in Ansible Tower, versions 3.6.x prior to 3.6.2 and 3.5.x prior to 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is ...
Redhat Ansible Tower
Redhat Enterprise Linux 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »