Vulnerabilities > Redhat > Ansible > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-5764 | A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. | 7.8 |
2022-10-28 | CVE-2022-3697 | Unspecified vulnerability in Redhat Ansible and Ansible Collection A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. | 7.5 |
2020-10-05 | CVE-2020-25636 | Files or Directories Accessible to External Parties vulnerability in Redhat Ansible 2.10.1 A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. | 7.1 |
2020-08-26 | CVE-2019-14904 | A flaw was found in the solaris_zone module from the Ansible Community modules. | 7.3 |
2020-03-24 | CVE-2020-10684 | Missing Authorization vulnerability in multiple products A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. | 7.1 |
2020-01-09 | CVE-2014-2686 | Always-Incorrect Control Flow Implementation vulnerability in Redhat Ansible Ansible prior to 1.5.4 mishandles the evaluation of some strings. | 7.5 |
2018-07-31 | CVE-2016-8614 | Key Management Errors vulnerability in Redhat Ansible A flaw was found in Ansible before version 2.2.0. | 7.5 |
2018-06-22 | CVE-2017-7466 | Improper Input Validation vulnerability in Redhat Ansible Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. | 8.0 |
2018-05-04 | CVE-2013-2233 | Key Management Errors vulnerability in Redhat Ansible Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | 7.4 |
2018-04-24 | CVE-2016-9587 | Improper Input Validation vulnerability in multiple products Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. | 8.1 |