Vulnerabilities > Redhat > Ansible > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2014-4657 Improper Input Validation vulnerability in Redhat Ansible
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
network
low complexity
redhat CWE-20
critical
9.8
2020-02-20 CVE-2014-4678 Injection vulnerability in multiple products
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
network
low complexity
redhat debian CWE-74
critical
9.8
2020-02-18 CVE-2014-4966 Injection vulnerability in Redhat Ansible
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.
network
low complexity
redhat CWE-74
critical
9.8
2020-02-18 CVE-2014-4967 Injection vulnerability in Redhat Ansible
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
network
low complexity
redhat CWE-74
critical
9.8
2018-07-31 CVE-2016-8628 Command Injection vulnerability in Redhat Ansible
Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller.
network
low complexity
redhat CWE-77
critical
9.1
2017-11-21 CVE-2017-7550 Unspecified vulnerability in Redhat Ansible and Enterprise Linux Server
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module.
network
low complexity
redhat
critical
9.8