Vulnerabilities > Redhat > Ansible
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-20 | CVE-2014-4657 | Improper Input Validation vulnerability in Redhat Ansible The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | 7.5 |
| 2020-02-20 | CVE-2014-4678 | Injection vulnerability in multiple products The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | 7.5 |
| 2020-02-20 | CVE-2014-4660 | Insufficiently Protected Credentials vulnerability in Redhat Ansible Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. | 2.1 |
| 2020-02-18 | CVE-2014-4967 | Injection vulnerability in Redhat Ansible Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | 7.5 |
| 2020-02-18 | CVE-2014-4966 | Injection vulnerability in Redhat Ansible Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | 7.5 |
| 2020-01-09 | CVE-2014-2686 | Always-Incorrect Control Flow Implementation vulnerability in Redhat Ansible Ansible prior to 1.5.4 mishandles the evaluation of some strings. | 7.5 |
| 2020-01-02 | CVE-2019-14864 | Improper Output Neutralization for Logs vulnerability in multiple products Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. | 4.0 |
| 2019-11-26 | CVE-2019-14856 | Improper Authentication vulnerability in multiple products ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None | 4.0 |
| 2019-11-25 | CVE-2019-10217 | Information Exposure vulnerability in Redhat Ansible A flaw was found in ansible 2.8.0 before 2.8.4. | 4.0 |
| 2019-11-22 | CVE-2019-10206 | Insufficiently Protected Credentials vulnerability in multiple products ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. | 6.5 |